Exploit the possiblities

Hipchat For Mac 4.x Remote Code Execution

Hipchat For Mac 4.x Remote Code Execution
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
MD5 | bc9f76c16c2234a3266f91910a0c367f

Hipchat For Mac 4.x Remote Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This email refers to the advisory found at
https://confluence.atlassian.com/x/NXEGO .


CVE ID:

* CVE-2017-14586.


Product: Hipchat for Mac desktop client.

Affected Hipchat for Mac desktop client product versions:

4.0 <= version < 4.30


Fixed Hipchat for Mac desktop client product versions:

* Hipchat for Mac desktop client 4.30 has been released with a fix for this
issue.


Summary:
This advisory discloses a critical severity security vulnerability that was
introduced in version 4.0 of Hipchat for Mac desktop client. Versions of Hipchat
for Mac desktop client starting with versions of Hipchat for Mac desktop client
from 4.0 but less than 4.30 (the fixed version) are affected by this
vulnerability.

Customers who have upgraded Hipchat for Mac desktop client to version 4.30 are
not affected.

Customers who have downloaded and installed Hipchat for Mac desktop client >=
4.0 but less than 4.30 please upgrade your Hipchat for Mac desktop client
installations immediately to fix this vulnerability.


Remote code execution in HipChat for Mac desktop client - CVE-2017-14586

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.


Description:

The Hipchat for Mac desktop client is vulnerable to client-side remote code
execution via video call link parsing.

Versions of Hipchat for Mac desktop client starting with versions of Hipchat for
Mac desktop client from 4.0 but less than 4.30 (the fixed version) are affected
by this vulnerability. This issue can be tracked at:
https://jira.atlassian.com/browse/HCPUB-3473? .


Fix:
To address this issue, we've released the following versions containing a fix:

* Hipchat for Mac desktop client version 4.30


Remediation:
Upgrade Hipchat for Mac desktop client to version 4.30 or higher.

The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.

For a full description of the latest version of Hipchat for Mac desktop client,
see the release notes found at
https://www.hipchat.com/release_notes/mac. You can
download the latest version of Hipchat for Mac desktop client from the download
centre found at https://www.hipchat.com/downloads#mac.

Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaF5WmAAoJECQgl6K8Unag2T8P/3ogJA7Q5WpkwsVpxja4eX+U
5NUpA0wGOCJfEceZfLDnEWOcL9wh3VAqDBHojZlV+kogYMACKItuf+T9Hh6q6gqi
esJykgAumYi0gNmC1dbk801tb4VK59K4tgtzFS523ARy1/uglNah0JlPEP89BOoq
n7jwb5Ox2Hb+RYuktvAnZQdfxV6151ayeqB9GFpGr5w4xDh3HwdaOO28aVK0lfvF
KjA7e0NT7k7Ghf6cQOHcLGcGfrle5SmMmz5iQQm41fUY1nnfFRVpBOVTZEZTGe+8
8maKgzK2f5IdAwcqMGgkvGn3b7BkoG0da4M5QRdGx3gvrNWPRuU4rf4S5Og0L8OE
ABR0ygi7NJy4sY69KTl/I9Y30nW9I9xiXGoaTus+iWA48j3HH6YPaI/vsZp+hEc7
O5EPLcdQVM6JUofzmF0pDHjaupliXNsXJllEf2fn1rAvkN67mCE/h3QJVkSrQPtG
Dv6bwpHxfGIHWSEV0+Rxenl7AfM5phb4ymTsyWWuG9D9lOOKO6JVrYZsOmT9n22v
FPPUAza1Lin2CuloGuM9h4Od4ZVkQlTtd3QKRkrMJWxzjh23/0xIfFa/wFTtkktm
uKZF9gyHzEOVB2CuHIexLZLAePgmKfiPzkQ626I0rHWU57QeoAcFX5QUNCNmM3YC
wM8G/9hq+2ED7zClXRLQ
=RCIT
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close