Vulnerabilities (CVE)

Filtered by vendor Atlassian
Filtered by product Hipchat
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000418 1 Atlassian 1 Hipchat 2020-08-24 4.0 MEDIUM 8.8 HIGH
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2018-1000419 1 Atlassian 1 Hipchat 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
CVE-2017-14586 1 Atlassian 1 Hipchat 2020-08-12 7.5 HIGH 9.8 CRITICAL
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
CVE-2015-5603 1 Atlassian 1 Hipchat 2018-10-09 6.5 MEDIUM N/A
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
CVE-2017-8058 1 Atlassian 1 Hipchat 2017-05-16 4.3 MEDIUM 5.9 MEDIUM
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.