CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14585
https://notcve.org/view.php?id=CVE-2017-14585
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. Una vulnerabilidad de SSRF (Server-Side Request Forgery) podría conducir a la ejecución remota de código para administradores autenticados. • http://www.securityfocus.com/bid/101945 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html https://jira.atlassian.com/browse/HCPUB-3526 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8080
https://notcve.org/view.php?id=CVE-2017-8080
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. Atlassian Hipchat Server en versiones anteriores a la 2.2.4 permite a usuarios autenticados remotos con privilegios a nivel de usuario ejecutar código arbitrario mediante vectores que involucran la subida de imágenes. • http://www.securityfocus.com/bid/98262 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html https://jira.atlassian.com/browse/HCPUB-2980 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7357
https://notcve.org/view.php?id=CVE-2017-7357
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. Hipchat Server en versiones anteriores a 2.2.3 permite a usuarios autenticados remotos con privilegios de nivel Server Administrator ejecutar código arbitrario al importar un archivo. • http://www.securityfocus.com/archive/1/540410/100/0/threaded http://www.securityfocus.com/bid/97621 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html https://jira.atlassian.com/browse/HCPUB-2903 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2016-6668
https://notcve.org/view.php?id=CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; pllugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo páginas no especificadas. • http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html http://www.securityfocus.com/archive/1/539530/100/0/threaded http://www.securityfocus.com/bid/93159 https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •