Twenty Year Anniversary

Hipchat For Mac 4.x Remote Code Execution

Hipchat For Mac 4.x Remote Code Execution
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
MD5 | bc9f76c16c2234a3266f91910a0c367f

Hipchat For Mac 4.x Remote Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/x/NXEGO .


CVE ID:

* CVE-2017-14586.


Product: Hipchat for Mac desktop client.

Affected Hipchat for Mac desktop client product versions:

4.0 <= version < 4.30


Fixed Hipchat for Mac desktop client product versions:

* Hipchat for Mac desktop client 4.30 has been released with a fix for this
issue.


Summary:
This advisory discloses a critical severity security vulnerability that was
introduced in version 4.0 of Hipchat for Mac desktop client. Versions of Hipchat
for Mac desktop client starting with versions of Hipchat for Mac desktop client
from 4.0 but less than 4.30 (the fixed version) are affected by this
vulnerability.

Customers who have upgraded Hipchat for Mac desktop client to version 4.30 are
not affected.

Customers who have downloaded and installed Hipchat for Mac desktop client >=
4.0 but less than 4.30 please upgrade your Hipchat for Mac desktop client
installations immediately to fix this vulnerability.


Remote code execution in HipChat for Mac desktop client - CVE-2017-14586

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.


Description:

The Hipchat for Mac desktop client is vulnerable to client-side remote code
execution via video call link parsing.

Versions of Hipchat for Mac desktop client starting with versions of Hipchat for
Mac desktop client from 4.0 but less than 4.30 (the fixed version) are affected
by this vulnerability. This issue can be tracked at:
https://jira.atlassian.com/browse/HCPUB-3473? .


Fix:
To address this issue, we've released the following versions containing a fix:

* Hipchat for Mac desktop client version 4.30


Remediation:
Upgrade Hipchat for Mac desktop client to version 4.30 or higher.

The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.

For a full description of the latest version of Hipchat for Mac desktop client,
see the release notes found at
https://www.hipchat.com/release_notes/mac. You can
download the latest version of Hipchat for Mac desktop client from the download
centre found at https://www.hipchat.com/downloads#mac.

Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaF5WmAAoJECQgl6K8Unag2T8P/3ogJA7Q5WpkwsVpxja4eX+U
5NUpA0wGOCJfEceZfLDnEWOcL9wh3VAqDBHojZlV+kogYMACKItuf+T9Hh6q6gqi
esJykgAumYi0gNmC1dbk801tb4VK59K4tgtzFS523ARy1/uglNah0JlPEP89BOoq
n7jwb5Ox2Hb+RYuktvAnZQdfxV6151ayeqB9GFpGr5w4xDh3HwdaOO28aVK0lfvF
KjA7e0NT7k7Ghf6cQOHcLGcGfrle5SmMmz5iQQm41fUY1nnfFRVpBOVTZEZTGe+8
8maKgzK2f5IdAwcqMGgkvGn3b7BkoG0da4M5QRdGx3gvrNWPRuU4rf4S5Og0L8OE
ABR0ygi7NJy4sY69KTl/I9Y30nW9I9xiXGoaTus+iWA48j3HH6YPaI/vsZp+hEc7
O5EPLcdQVM6JUofzmF0pDHjaupliXNsXJllEf2fn1rAvkN67mCE/h3QJVkSrQPtG
Dv6bwpHxfGIHWSEV0+Rxenl7AfM5phb4ymTsyWWuG9D9lOOKO6JVrYZsOmT9n22v
FPPUAza1Lin2CuloGuM9h4Od4ZVkQlTtd3QKRkrMJWxzjh23/0xIfFa/wFTtkktm
uKZF9gyHzEOVB2CuHIexLZLAePgmKfiPzkQ626I0rHWU57QeoAcFX5QUNCNmM3YC
wM8G/9hq+2ED7zClXRLQ
=RCIT
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close