Vulners
Lucene search
Hipchat Remote Code Execution Vulnerability
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | Hipchat Server Arbitrary Code Execution Vulnerability | 10 May 201700:00 | – | cnvd |
 | CVE-2017-7357 | 14 Apr 201718:00 | – | cve |
 | CVE-2017-7357 | 14 Apr 201718:00 | – | cvelist |
 | EUVD-2017-16384 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-7357 | 14 Apr 201718:59 | – | nvd |
 | CVE-2017-7357 | 14 Apr 201718:59 | – | osv |
 | Arbitrary file deletion | 14 Apr 201718:59 | – | prion |
CVE ID:
* CVE-2017-7357.
Product: Hipchat Server.
Affected Hipchat Server product versions:
All versions < 2.2.3
Fixed Hipchat Server product versions:
2.2.3
Summary:
This advisory discloses a critical severity security vulnerability
that was introduced in version 1.0 of Hipchat Server. Versions of
Hipchat Server starting with versions of Hipchat Server from 1.0 but
less than 2.2.3 (the fixed version), are affected by this
vulnerability. are affected by this vulnerability.
HipChat Cloud instances aren't affected by the issue described in this email.
Customers who have upgraded Hipchat Server to version 2.2.3 are not affected.
Customers who have downloaded and installed any version less than
2.2.3 please upgrade your Hipchat Server installations immediately to
fix this vulnerability.
Remote Code Execution via Administrative Imports (CVE-2017-7357)
Severity:
Atlassian rates the severity level of this vulnerability as critical,
according to the scale published in our Atlassian severity levels. The
scale allows us to rank the severity as critical, high, moderate or
low.
This is an independent assessment and you should evaluate its
applicability to your own IT environment.
Description:
An attacker with Server Administrator level privileges could gain
Remote Code Execution via a malicious file importation.
All versions of Hipchat Server starting with versions of Hipchat
Server from 1.0 but less than 2.2.3 (the fixed version), are affected
by this vulnerability. are affected by this vulnerability. are
affected by this vulnerability. This issue can be tracked at:
https://jira.atlassian.com/browse/HCPUB-2903 .
Fix:
To address this issue, we've released the following versions containing a fix:
* Hipchat Server version 2.2.3
Remediation:
Upgrade Hipchat Server to version 2.2.3 or higher.
The vulnerabilities and fix versions are described above. If affected,
you should upgrade to the latest version immediately.
For a full description of the latest version of Hipchat Server, see
the release notes found at
https://confluence.atlassian.com/display/hc/hipchat+server+Release+Notes.
You can download the latest version of Hipchat Server from the
download centre found at https://www.hipchat.com/server/get-it.
# 0day.today [2018-03-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Apr 2017 00:00Current
9.5High risk
Vulners AI Score9.5
EPSS0.0216