Hipchat Security Vulnerabilities and Issues — Hipchat CVE List

Lucene search

AtlassianHipchat

5 matches found

CVE•added 2015/09/21 7:59 p.m.•70 views

CVE-2015-5603

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

6.5CVSS7.5AI score0.83417EPSS

CVE•added 2019/01/09 11:29 p.m.•54 views

CVE-2018-1000418

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another metho...

8.8CVSS8.5AI score0.00214EPSS

CVE•added 2019/01/09 11:29 p.m.•47 views

CVE-2018-1000419

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.

6.5CVSS6.3AI score0.00259EPSS

CVE•added 2017/11/27 4:29 p.m.•41 views

CVE-2017-14586

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.

9.8CVSS9.7AI score0.02514EPSS

CVE•added 2017/05/05 7:29 a.m.•39 views

CVE-2017-8058

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

5.9CVSS5.2AI score0.00115EPSS