Details
-
Bug
-
Resolution: Fixed
-
Highest
-
None
-
None
Description
HipChat Server used a vulnerable version of the ImageMagick library without restricting coders. Attackers who can log in can use the ImageMagick vulnerabilities in vulnerable versions of HipChat Server to:
- Execute remote code of their choice
- Delete files that the www-data user has permission to delete
- Move files that the www-data user has permission to move
- Read files that the www-data user has permission to read
- Make http requests to local and internal services
To exploit this issue, attackers need to have a valid account in a vulnerable HipChat Server instance.
Affected versions:
- All versions of HipChat Server before version 2.0 build 1.4.1 are vulnerable.
Fix:
- Upgrade HipChat Server to version 2.0 build 1.4.1 or higher by following the instructions found at Upgrading HipChat Server.
For additional details see the full advisory.