Lucene search

[email protected]CVE-2016-6668

HistoryJan 23, 2017 - 9:59 p.m.

CVE-2016-6668

2017-01-2321:59:02

CWE-200

[email protected]

web.nvd.nist.gov

atlassian

hipchat

integration

plugin

bitbucket

server

cve-2016-6668

security

vulnerability

remote attackers

secret key

confluence

jira

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.

Affected configurations

NVD

Node

atlassianconfluence_serverMatch5.5.0

atlassianconfluence_serverMatch5.9.1

atlassianconfluence_serverMatch5.9.2

atlassianconfluence_serverMatch5.9.3

atlassianconfluence_serverMatch5.9.4

atlassianconfluence_serverMatch5.9.5

atlassianconfluence_serverMatch5.9.6

atlassianconfluence_serverMatch5.9.7

atlassianconfluence_serverMatch5.9.8

atlassianconfluence_serverMatch5.9.9

atlassianconfluence_serverMatch5.9.10

atlassianconfluence_serverMatch5.9.11

atlassianconfluence_serverMatch5.9.12

atlassianconfluence_serverMatch5.10.0

atlassianconfluence_serverMatch5.10.1

atlassianconfluence_serverMatch5.10.2

atlassianconfluence_serverMatch5.10.3

Node

atlassianjira_integration_for_hipchatMatch6.26.0

atlassianjira_integration_for_hipchatMatch6.26.10

atlassianjira_integration_for_hipchatMatch6.29.1

atlassianjira_integration_for_hipchatMatch6.29.2

atlassianjira_integration_for_hipchatMatch6.31.0

atlassianjira_integration_for_hipchatMatch7.1.0

atlassianjira_integration_for_hipchatMatch7.2.1

atlassianjira_integration_for_hipchatMatch7.3.2

atlassianjira_integration_for_hipchatMatch7.3.3

atlassianjira_integration_for_hipchatMatch7.4.1

atlassianjira_integration_for_hipchatMatch7.8.1

atlassianjira_integration_for_hipchatMatch7.8.3

atlassianjira_integration_for_hipchatMatch7.8.12

CPENameOperatorVersion
atlassian:confluence_serveratlassian confluence servereq5.5.0
atlassian:confluence_serveratlassian confluence servereq5.9.1
atlassian:confluence_serveratlassian confluence servereq5.9.2
atlassian:confluence_serveratlassian confluence servereq5.9.3
atlassian:confluence_serveratlassian confluence servereq5.9.4
atlassian:confluence_serveratlassian confluence servereq5.9.5
atlassian:confluence_serveratlassian confluence servereq5.9.6
atlassian:confluence_serveratlassian confluence servereq5.9.7
atlassian:confluence_serveratlassian confluence servereq5.9.8
atlassian:confluence_serveratlassian confluence servereq5.9.9

CPE	Name	Operator	Version
atlassian:confluence_server	atlassian confluence server	eq	5.5.0
atlassian:confluence_server	atlassian confluence server	eq	5.9.1
atlassian:confluence_server	atlassian confluence server	eq	5.9.2
atlassian:confluence_server	atlassian confluence server	eq	5.9.3
atlassian:confluence_server	atlassian confluence server	eq	5.9.4
atlassian:confluence_server	atlassian confluence server	eq	5.9.5
atlassian:confluence_server	atlassian confluence server	eq	5.9.6
atlassian:confluence_server	atlassian confluence server	eq	5.9.7
atlassian:confluence_server	atlassian confluence server	eq	5.9.8
atlassian:confluence_server	atlassian confluence server	eq	5.9.9

Rows per page:

1-10 of 171

References

packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html

www.securityfocus.com/archive/1/539530/100/0/threaded

www.securityfocus.com/bid/93159

confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html

confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html

confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2016-6668

atlassian8 cvelist1 nvd1 prion1