CVE-2017-7357

Опубликовано: 14 апр. 2017

Источник: nvd

CVSS3: 9.1

CVSS2: 6.5

EPSS Низкий

Описание

Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.

Ссылки

http://www.securityfocus.com/archive/1/540410/100/0/threaded
http://www.securityfocus.com/bid/97621
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-2903
Issue Tracking
Patch
http://www.securityfocus.com/archive/1/540410/100/0/threaded
http://www.securityfocus.com/bid/97621
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-2903
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:hipchat_server:*:*:*:*:*:*:*:*

Версия до 2.2.2 (включая)

EPSS

Процентиль: 84%

0.0216

Низкий

9.1 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-r477-2fhj-xjjw