CVE-2017-8080

CWE-434 — Unrestricted File Upload11 documents6 sources

Severity

8.8HIGH

EPSS

1.6%

top 18.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Hipchat Server

Timeline

PublishedMay 5

Latest updateMay 13

Description

Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDatlassian/hipchat_server2.2.3

Patches

Patch: jira.atlassian.com ↗Patch: jira.atlassian.com ↗

🔴Vulnerability Details

GHSA

GHSA-46fx-cqxp-c48j: Atlassian Hipchat Server before 2↗2022-05-13

▶

CVEList

CVE-2017-8080: Atlassian Hipchat Server before 2↗2017-05-05

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal↗2021-03-22

▶

Exploit-DB

HP Intelligent Management - Java Deserialization Remote Code Execution (Metasploit)↗2018-12-04

▶

Exploit-DB

Microsoft Windows .NET Framework - Remote Code Execution↗2017-09-13

▶

Exploit-DB

Evostream Media Server 1.7.1 (x64) - Denial of Service↗2017-03-07

▶

Exploit-DB

Grails PDF Plugin 0.6 - XML External Entity Injection↗2017-02-21

▶

💬Community

HackerOne

CVE-2017-13090 wget heap smash↗2019-11-12

▶

HackerOne

CVE-2017-13089 wget stack smash↗2019-11-12

▶