CVE-2017-14586

The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
atlassianhipchat
4.0 ≤
𝑥
< 4.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101947
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
https://jira.atlassian.com/browse/HCPUB-3473
http://www.securityfocus.com/bid/101947
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
https://jira.atlassian.com/browse/HCPUB-3473