Vulnerabilities for Hipchat (...) - CXSECURITY.COM

Vulnerabilities for 'Hipchat'

2019-01-09

CVE-2018-1000419

CWE-200

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.

CVE-2018-1000418

CWE-255

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

2017-05-05

CVE-2017-8058

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

2015-09-21

CVE-2015-5603

CWE-94

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

>>> Vendor: Atlassian 44 Products

Jira service desk

Jira integration for hipchat

Bitbucket auto unapprove plugin

Bitbucket server

Floodlight controller

Application links

Universal plugin manager

Jira service desk server

Troubleshooting and support

Saml single sign on

Subversion application lifecycle management

Jira software data center

Navigator links

Alfresco enterprise content management

Connect express

Connect spring boot

Jira server and data center

Jira service management

Confluence data center

Confluence server

Bitbucket data center

Jira data center

Assets discovery data server

Assets discovery data center

Assets discovery cloud

Copyright 2024, cxsecurity.com