Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5603: Code Injection in Atlassian Hipchat

CWE-94: Code Injection | 5 documents | 4 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 82.5% (top 0.77%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Sep 21
Latest update: May 14

Description

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (1 package)

NVD: atlassian/hipchat 6.29.2

🔴 Vulnerability Details (2)

GHSA: GHSA-2v3r-wf43-c9gh: The HipChat for JIRA plugin before 6 | 2022-05-14
CVEList: CVE-2015-5603: The HipChat for JIRA plugin before 6 | 2015-09-21

💥 Exploits & PoCs (2)

Exploit-DB: Atlassian HipChat for Jira Plugin - Velocity Template Injection (Metasploit) | 2015-12-08
Exploit-DB: JIRA and HipChat for JIRA Plugin - Velocity Template Injection | 2015-10-28
CVE-2015-5603 — Code Injection in Atlassian Hipchat | cvebase