Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1000418 | 1 Atlassian | 1 Hipchat | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2018-1000419 | 1 Atlassian | 1 Hipchat | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | |||||
CVE-2017-14586 | 1 Atlassian | 1 Hipchat | 2020-08-12 | 7.5 HIGH | 9.8 CRITICAL |
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. | |||||
CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2018-10-09 | 6.5 MEDIUM | N/A |
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | |||||
CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. |