CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14585
https://notcve.org/view.php?id=CVE-2017-14585
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. Una vulnerabilidad de SSRF (Server-Side Request Forgery) podría conducir a la ejecución remota de código para administradores autenticados. • http://www.securityfocus.com/bid/101945 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html https://jira.atlassian.com/browse/HCPUB-3526 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8080
https://notcve.org/view.php?id=CVE-2017-8080
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. Atlassian Hipchat Server en versiones anteriores a la 2.2.4 permite a usuarios autenticados remotos con privilegios a nivel de usuario ejecutar código arbitrario mediante vectores que involucran la subida de imágenes. • http://www.securityfocus.com/bid/98262 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html https://jira.atlassian.com/browse/HCPUB-2980 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7357
https://notcve.org/view.php?id=CVE-2017-7357
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. Hipchat Server en versiones anteriores a 2.2.3 permite a usuarios autenticados remotos con privilegios de nivel Server Administrator ejecutar código arbitrario al importar un archivo. • http://www.securityfocus.com/archive/1/540410/100/0/threaded http://www.securityfocus.com/bid/97621 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html https://jira.atlassian.com/browse/HCPUB-2903 • CWE-434: Unrestricted Upload of File with Dangerous Type •