8.8
CVE-2017-8080
- EPSS 2.55%
- Veröffentlicht 05.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAtlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Hipchat Server Version <= 2.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.55% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
http://www.securityfocus.com/bid/98262
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html
https://jira.atlassian.com/browse/HCPUB-2980