Vulnerability Details CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html
- http://www.securityfocus.com/archive/1/539530/100/0/threaded
- http://www.securityfocus.com/bid/93159
- https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html
- https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html
- http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html
- http://www.securityfocus.com/archive/1/539530/100/0/threaded
- http://www.securityfocus.com/bid/93159
- https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html
- https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html
Products affected by CVE-2016-6668
-
cpe:2.3:a:atlassian:confluence_server:5.10.0
-
cpe:2.3:a:atlassian:confluence_server:5.10.1
-
cpe:2.3:a:atlassian:confluence_server:5.10.2
-
cpe:2.3:a:atlassian:confluence_server:5.10.3
-
cpe:2.3:a:atlassian:confluence_server:5.5.0
-
cpe:2.3:a:atlassian:confluence_server:5.9.1
-
cpe:2.3:a:atlassian:confluence_server:5.9.10
-
cpe:2.3:a:atlassian:confluence_server:5.9.11
-
cpe:2.3:a:atlassian:confluence_server:5.9.12
-
cpe:2.3:a:atlassian:confluence_server:5.9.2
-
cpe:2.3:a:atlassian:confluence_server:5.9.3
-
cpe:2.3:a:atlassian:confluence_server:5.9.4
-
cpe:2.3:a:atlassian:confluence_server:5.9.5
-
cpe:2.3:a:atlassian:confluence_server:5.9.6
-
cpe:2.3:a:atlassian:confluence_server:5.9.7
-
cpe:2.3:a:atlassian:confluence_server:5.9.8
-
cpe:2.3:a:atlassian:confluence_server:5.9.9
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12
-
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3