This page lists publicly disclosed CVEs affecting Atlassian HipChat (linked via NVD CPE). Each row includes severity scores, a summary, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-1000419 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | [email protected] | 6.5 | 0.27% | 2019-01-09 | 2024-11-21 |
| CVE-2018-1000418 | An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | [email protected] | 8.8 | 0.23% | 2019-01-09 | 2024-11-21 |
| CVE-2017-14586 | The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. | [email protected] | 9.8 | 2.51% | 2017-11-27 | 2026-05-13 |
| CVE-2017-8058 | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | [email protected] | 5.9 | 0.11% | 2017-05-05 | 2026-05-13 |
| CVE-2015-5603 | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | [email protected] | 6.5 | 76.35% | 2015-09-21 | 2026-05-06 |