CVE-2017-14585
Summary
| CVE | CVE-2017-14585 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-27 16:29:00 UTC |
| Updated | 2017-12-20 23:37:00 UTC |
| Description | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Hipchat Data Center | All | All | All | All |
| Application | Atlassian | Hipchat Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [HCPUB-3526] Remote code execution in HipChat Server and Data Center via SSRF in 'admin' interface - CVE-2017-14585 - Create and track feature requests for Atlassian products. | CONFIRM | jira.atlassian.com | Issue Tracking, Vendor Advisory |
| Hipchat Server Security Advisory 2017-11-22 - Atlassian Documentation | CONFIRM | confluence.atlassian.com | Vendor Advisory |
| Atlassian Hipchat Server and Data Center CVE-2017-14585 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.