Hipchat For Mac 4.x Remote Code Execution

Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
MD5 | bc9f76c16c2234a3266f91910a0c367f


This email refers to the advisory found at
https://confluence.atlassian.com/x/NXEGO .


CVE ID:

* CVE-2017-14586.


Product: Hipchat for Mac desktop client.

Affected Hipchat for Mac desktop client product versions:

4.0 <= version < 4.30


Fixed Hipchat for Mac desktop client product versions:

* Hipchat for Mac desktop client 4.30 has been released with a fix for this
issue.


Summary:
This advisory discloses a critical severity security vulnerability that was
introduced in version 4.0 of Hipchat for Mac desktop client. Versions of Hipchat
for Mac desktop client from 4.0 up to, but not including, 4.30 (the fixed
version) are affected by this vulnerability.

Customers who have upgraded Hipchat for Mac desktop client to version 4.30 are
not affected.

Customers who have downloaded and installed Hipchat for Mac desktop client >=
4.0 but less than 4.30 should upgrade their Hipchat for Mac desktop client
installations immediately to fix this vulnerability.


Remote code execution in HipChat for Mac desktop client - CVE-2017-14586

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.


Description:

The Hipchat for Mac desktop client is vulnerable to client-side remote code
execution via video call link parsing.

Versions of Hipchat for Mac desktop client from 4.0 up to, but not including,
4.30 (the fixed version) are affected by this vulnerability. This issue can be
tracked at:
https://jira.atlassian.com/browse/HCPUB-3473? .


Fix:
To address this issue, we've released the following versions containing a fix:

* Hipchat for Mac desktop client version 4.30


Remediation:
Upgrade Hipchat for Mac desktop client to version 4.30 or higher.

The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.

For a full description of the latest version of Hipchat for Mac desktop client,
see the release notes found at
https://www.hipchat.com/release_notes/mac. You can
download the latest version of Hipchat for Mac desktop client from the download
centre found at https://www.hipchat.com/downloads#mac.

Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.
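A fleet-triage helper for the affected range stated in the advisory, added here as an example and not part of Atlassian's advisory: it classifies inventory version strings against 4.0 <= version < 4.30, comparing components numerically so that a version such as 4.4 is not mistaken for a release later than 4.30. The `host,version` inventory format, the host names and the sample version strings are constructed assumptions.

```python
import re

# Affected range stated in the advisory: 4.0 <= version < 4.30
FIRST_AFFECTED = (4, 0)
FIXED = (4, 30)

def parse_version(text):
    """Parse a leading dotted version ('4.29.5', '4.30 (123)') into a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad a bare major version so that '4' compares as (4, 0).
    return parts if len(parts) >= 2 else parts + (0,)

def classify(text):
    """Return 'affected', 'fixed', 'not-affected' (older than 4.0) or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < FIRST_AFFECTED:
        return "not-affected"
    # Tuple comparison is per component: (4, 4) < (4, 30), whereas the
    # float comparison 4.4 < 4.30 is False and would hide an affected client.
    return "affected" if v < FIXED else "fixed"

def triage(lines):
    """Group hosts from 'host,version' lines by classification."""
    groups = {"affected": [], "fixed": [], "not-affected": [], "unknown": []}
    for line in lines:
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        groups[classify(version)].append(host.strip())
    return groups

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    "mac-001,4.29.5",
    "mac-002,4.30",
    "mac-003,4.4",
    "mac-004,3.1.2",
    "mac-005,",
    "mac-006,4.30.1",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have no parseable version in the inventory and need a manual check rather than being assumed fixed.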
