CVE-2017-8080

Опубликовано: 05 мая 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.

Ссылки

http://www.securityfocus.com/bid/98262
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-2980
Issue Tracking
Patch
http://www.securityfocus.com/bid/98262
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html
Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-2980
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:hipchat_server:*:*:*:*:*:*:*:*

Версия до 2.2.3 (включая)

EPSS

Процентиль: 81%

0.01598

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-46fx-cqxp-c48j