CVE-2016-6668

Published on: 01/23/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Confluence from Atlassian contain the following vulnerability:

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.

  • CVE-2016-6668 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

Description | Tags | Source | Link
JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21 - Atlassian Documentation | Vendor Advisory | confluence.atlassian.com | CONFIRM confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html
SecurityFocus | | www.securityfocus.com | BUGTRAQ 20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory
Bitbucket Server security advisory 2016-09-21 - Atlassian Documentation | Vendor Advisory | confluence.atlassian.com | CONFIRM confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html
Confluence Security Advisory - 2016-09-21 - Atlassian Documentation | Vendor Advisory | confluence.atlassian.com | CONFIRM confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html
Atlassian HipChat Secret Key Disclosure ≈ Packet Storm | Third Party Advisory, VDB Entry | packetstormsecurity.com | MISC packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html
Atlassian HipChat Plugin CVE-2016-6668 Information Disclosure Vulnerability | | cve.report (archive) | BID 93159

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Atlassian | Confluence | 5.10.0 | All | All | All
Application | Atlassian | Confluence | 5.10.1 | All | All | All
Application | Atlassian | Confluence | 5.10.2 | All | All | All
Application | Atlassian | Confluence | 5.10.3 | All | All | All
Application | Atlassian | Confluence | 5.5.0 | All | All | All
Application | Atlassian | Confluence | 5.9.1 | All | All | All
Application | Atlassian | Confluence | 5.9.10 | All | All | All
Application | Atlassian | Confluence | 5.9.11 | All | All | All
Application | Atlassian | Confluence | 5.9.12 | All | All | All
Application | Atlassian | Confluence | 5.9.2 | All | All | All
Application | Atlassian | Confluence | 5.9.3 | All | All | All
Application | Atlassian | Confluence | 5.9.4 | All | All | All
Application | Atlassian | Confluence | 5.9.5 | All | All | All
Application | Atlassian | Confluence | 5.9.6 | All | All | All
Application | Atlassian | Confluence | 5.9.7 | All | All | All
Application | Atlassian | Confluence | 5.9.8 | All | All | All
Application | Atlassian | Confluence | 5.9.9 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 6.26.0 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 6.26.10 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 6.29.1 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 6.29.2 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 6.31.0 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.1.0 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.2.1 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.3.2 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.3.3 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.4.1 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.8.1 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.8.12 | All | All | All
Application | Atlassian | Jira Integration For Hipchat | 7.8.3 | All | All | All
  • cpe:2.3:a:atlassian:confluence:5.10.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.10.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.10.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.10.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:confluence:5.9.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3:*:*:*:*:*:*:*: