Search criteria
6 vulnerabilities found for hipchat_server by atlassian
CVE-2017-14585 (GCVE-0-2017-14585)
Vulnerability from nvd – Published: 2017-11-27 16:00 – Updated: 2024-09-16 19:31
VLAI
Summary
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/HCPUB-3526 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101945 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Hipchat Server |
Affected:
2.2.0 <= version < 4.3
|
|
| Atlassian | Hipchat Data Center |
Affected:
3.0.0 <= version < 3.1.0
|
Date Public
2017-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hipchat Server",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "2.2.0 \u003c= version \u003c 4.3"
}
]
},
{
"product": "Hipchat Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "3.0.0 \u003c= version \u003c 3.1.0"
}
]
}
],
"datePublic": "2017-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-11-22T00:00:00",
"ID": "CVE-2017-14585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hipchat Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 \u003c= version \u003c 4.3"
}
]
}
},
{
"product_name": "Hipchat Data Center",
"version": {
"version_data": [
{
"version_value": "3.0.0 \u003c= version \u003c 3.1.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/HCPUB-3526",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101945"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14585",
"datePublished": "2017-11-27T16:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:45.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8080 (GCVE-0-2017-8080)
Vulnerability from nvd – Published: 2017-05-05 14:00 – Updated: 2024-08-05 16:27
VLAI
Summary
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98262 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
| https://jira.atlassian.com/browse/HCPUB-2980 | x_refsource_CONFIRM |
Date Public
2017-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98262"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"name": "https://jira.atlassian.com/browse/HCPUB-2980",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8080",
"datePublished": "2017-05-05T14:00:00.000Z",
"dateReserved": "2017-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:22.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7357 (GCVE-0-2017-7357)
Vulnerability from nvd – Published: 2017-04-14 18:00 – Updated: 2024-08-05 15:56
VLAI
Summary
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/HCPUB-2903 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/540410/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/97621 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
Date Public
2017-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/HCPUB-2903",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97621"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7357",
"datePublished": "2017-04-14T18:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14585 (GCVE-0-2017-14585)
Vulnerability from cvelistv5 – Published: 2017-11-27 16:00 – Updated: 2024-09-16 19:31
VLAI
Summary
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/HCPUB-3526 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101945 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Hipchat Server |
Affected:
2.2.0 <= version < 4.3
|
|
| Atlassian | Hipchat Data Center |
Affected:
3.0.0 <= version < 3.1.0
|
Date Public
2017-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hipchat Server",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "2.2.0 \u003c= version \u003c 4.3"
}
]
},
{
"product": "Hipchat Data Center",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "3.0.0 \u003c= version \u003c 3.1.0"
}
]
}
],
"datePublic": "2017-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-11-22T00:00:00",
"ID": "CVE-2017-14585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hipchat Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 \u003c= version \u003c 4.3"
}
]
}
},
{
"product_name": "Hipchat Data Center",
"version": {
"version_data": [
{
"version_value": "3.0.0 \u003c= version \u003c 3.1.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/HCPUB-3526",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-3526"
},
{
"name": "101945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101945"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14585",
"datePublished": "2017-11-27T16:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:45.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8080 (GCVE-0-2017-8080)
Vulnerability from cvelistv5 – Published: 2017-05-05 14:00 – Updated: 2024-08-05 16:27
VLAI
Summary
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98262 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
| https://jira.atlassian.com/browse/HCPUB-2980 | x_refsource_CONFIRM |
Date Public
2017-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98262"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"name": "https://jira.atlassian.com/browse/HCPUB-2980",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8080",
"datePublished": "2017-05-05T14:00:00.000Z",
"dateReserved": "2017-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:22.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7357 (GCVE-0-2017-7357)
Vulnerability from cvelistv5 – Published: 2017-04-14 18:00 – Updated: 2024-08-05 15:56
VLAI
Summary
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/HCPUB-2903 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/540410/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/97621 | vdb-entryx_refsource_BID |
| https://confluence.atlassian.com/hc/hipchat-serve… | x_refsource_CONFIRM |
Date Public
2017-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/HCPUB-2903",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-2903"
},
{
"name": "20170413 April 2017 - HipChat Server Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540410/100/0/threaded"
},
{
"name": "97621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97621"
},
{
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7357",
"datePublished": "2017-04-14T18:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:56:36.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}