本ページは atlassian hipchat に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-1000419 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | [email protected] | 6.5 | 1.64% | 2019-01-09 | 2026-06-16 |
| CVE-2018-1000418 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | [email protected] | 8.8 | 1.06% | 2019-01-09 | 2026-06-16 |
| CVE-2017-14586 | The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. | [email protected] | 9.8 | 3.50% | 2017-11-27 | 2026-06-16 |
| CVE-2017-8058 | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | [email protected] | 5.9 | 0.58% | 2017-05-05 | 2026-06-16 |
| CVE-2015-5603 | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | [email protected] | 6.5 | 59.31% | 2015-09-21 | 2026-06-16 |