Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMatthew Hart1337DAY-ID-29086
HistoryNov 30, 2017 - 12:00 a.m.

Hipchat For Mac 4.x Remote Code Execution Vulnerability

2017-11-3000:00:00
Matthew Hart
0day.today
30

EPSS

0.017

Percentile

87.8%

JSON

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

Hipchat For Mac 4.x Remote Code Execution

* CVE-2017-14586.

Product: Hipchat for Mac desktop client.

Affected Hipchat for Mac desktop client product versions:

4.0 <= version < 4.30


Fixed Hipchat for Mac desktop client product versions:

* Hipchat for Mac desktop client 4.30 has been released with a fix for this
issue.


Summary:
This advisory discloses a critical severity security vulnerability that was
introduced in version 4.0 of Hipchat for Mac desktop client. Versions of Hipchat
for Mac desktop client starting with versions of Hipchat for Mac desktop client
from 4.0 but less than 4.30 (the fixed version) are affected by this
vulnerability.

Customers who have upgraded Hipchat for Mac desktop client to version 4.30 are
not affected.

Customers who have downloaded and installed Hipchat for Mac desktop client >=
4.0 but less than 4.30 please upgrade your Hipchat for Mac desktop client
installations immediately to fix this vulnerability.


Remote code execution in HipChat for Mac desktop client - CVE-2017-14586

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.


Description:

The Hipchat for Mac desktop client is vulnerable to client-side remote code
execution via video call link parsing.

Versions of Hipchat for Mac desktop client starting with versions of Hipchat for
Mac desktop client from 4.0 but less than 4.30 (the fixed version) are affected
by this vulnerability. This issue can be tracked at:
https://jira.atlassian.com/browse/HCPUB-3473? .


Fix:
To address this issue, we've released the following versions containing a fix:

* Hipchat for Mac desktop client version 4.30


Remediation:
Upgrade Hipchat for Mac desktop client to version 4.30 or higher.

The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.

For a full description of the latest version of Hipchat for Mac desktop client,
see the release notes found at
https://www.hipchat.com/release_notes/mac. You can
download the latest version of Hipchat for Mac desktop client from the download
centre found at https://www.hipchat.com/downloads#mac.

Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.

#  0day.today [2018-01-08]  #

Related

nvd 1
cvelist 1
cve 1
prion 1
nvd
nvd
CVE-2017-14586
2017-11-27 16:29:00
cvelist
cvelist
CVE-2017-14586
2017-11-27 16:00:00
cve
cve
CVE-2017-14586
2017-11-27 16:29:00
prion
prion
Remote code execution
2017-11-27 16:29:00

EPSS

0.017

Percentile

87.8%

JSON
Related for 1337DAY-ID-29086
nvd1cvelist1cve1prion1