Vulnerabilities > Atlassian > Hipchat

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-1000419 Unspecified vulnerability in Atlassian Hipchat
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
network
low complexity
atlassian
6.5
6.5
2019-01-09 CVE-2018-1000418 Incorrect Authorization vulnerability in Atlassian Hipchat
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
atlassian CWE-863
8.8
8.8
2017-11-27 CVE-2017-14586 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Atlassian Hipchat
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing.
network
low complexity
atlassian CWE-119
critical
 9.8
9.8
2017-05-05 CVE-2017-8058 Improper Certificate Validation vulnerability in Atlassian Hipchat 3.16.1
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
network
high complexity
atlassian CWE-295
5.9
5.9