CVE-2018-1000418
- EPSS 0.21%
- Veröffentlicht 09.01.2019 23:29:02
- Zuletzt bearbeitet 21.11.2024 03:40:01
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specifi...
CVE-2018-1000419
- EPSS 0.26%
- Veröffentlicht 09.01.2019 23:29:02
- Zuletzt bearbeitet 21.11.2024 03:40:02
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
CVE-2017-14586
- EPSS 2.51%
- Veröffentlicht 27.11.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
CVE-2017-8058
- EPSS 0.12%
- Veröffentlicht 05.05.2017 07:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2015-5603
- EPSS 82.53%
- Veröffentlicht 21.09.2015 19:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."