Vulnerability Details CVE-2017-14586
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/101947
- https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
- https://jira.atlassian.com/browse/HCPUB-3473
- http://www.securityfocus.com/bid/101947
- https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
- https://jira.atlassian.com/browse/HCPUB-3473
Products affected by CVE-2017-14586
-
cpe:2.3:a:atlassian:hipchat:4.0
-
cpe:2.3:a:atlassian:hipchat:4.0.10
-
cpe:2.3:a:atlassian:hipchat:4.0.12
-
cpe:2.3:a:atlassian:hipchat:4.0.4
-
cpe:2.3:a:atlassian:hipchat:4.0.5
-
cpe:2.3:a:atlassian:hipchat:4.0.6
-
cpe:2.3:a:atlassian:hipchat:4.0.8
-
cpe:2.3:a:atlassian:hipchat:4.24.0
-
cpe:2.3:a:atlassian:hipchat:4.25.0
-
cpe:2.3:a:atlassian:hipchat:4.26.0
-
cpe:2.3:a:atlassian:hipchat:4.26.1
-
cpe:2.3:a:atlassian:hipchat:4.27.0
-
cpe:2.3:a:atlassian:hipchat:4.28.0
-
cpe:2.3:a:atlassian:hipchat:4.28.1
-
cpe:2.3:a:atlassian:hipchat:4.29.0