CVE-2017-7357 Information

Description

Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securityfocus.com/archive/1/540410/100/0/threaded http://www.securityfocus.com/bid/97621 https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-12-887732597.html https://jira.atlassian.com/browse/HCPUB-2903

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.1