CVE-2017-14585

Published: Nov 27, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-6086 Aliases: GSD-2017-14585
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 9,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0175
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
View CWE Details
Application

Hipchat Server by Atlassian

Product Information
Vendor Atlassian
Product Hipchat Server
Version Range Affected
From 2.2.0 (inclusive)
To 2.2.6 (exclusive)
cpe:2.3:a:atlassian:hipchat_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hipchat Data Center by Atlassian

Product Information
Vendor Atlassian
Product Hipchat Data Center
Version Range Affected
From 3.0.0 (inclusive)
To 3.1.0 (exclusive)
cpe:2.3:a:atlassian:hipchat_data_center:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://confluence.atlassian.com/hc/hipchat-server-security…
Vendor Advisory
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22…
https://jira.atlassian.com/browse/HCPUB-3526
Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-3526
http://www.securityfocus.com/bid/101945
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101945
https://confluence.atlassian.com/hc/hipchat-server-security…
Vendor Advisory
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22…
https://jira.atlassian.com/browse/HCPUB-3526
Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/HCPUB-3526
http://www.securityfocus.com/bid/101945
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101945