CVE-2016-6668 - Vulnerability Details

Vendors	Products
Atlassian	Confluence Server Jira Integration For Hipchat

Link	Providers
http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html
http://www.securityfocus.com/archive/1/539530/100/0/threaded
http://www.securityfocus.com/bid/93159
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html
https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html
https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html"}, {"name": "93159", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93159"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded"}, {"name": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html"}, {"name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html"}, {"name": "93159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93159"}, {"name": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html"}, {"name": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:29.463Z"}, "title": "CVE Program Container", "references": [{"name": "20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html"}, {"name": "93159", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93159"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6668", "datePublished": "2017-01-23T21:00:00", "dateReserved": "2016-08-10T00:00:00", "dateUpdated": "2024-08-06T01:36:29.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-09-21T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-09T18:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/539530/100/0/threaded (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

}

3 : { »

name : 93159 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/93159 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2016-6668 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/539530/100/0/threaded (string)

}

1 : { »

name : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

refsource : CONFIRM (string)

url : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

}

2 : { »

name : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

refsource : CONFIRM (string)

url : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

}

3 : { »

name : 93159 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/93159 (string)

}

4 : { »

name : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

refsource : CONFIRM (string)

url : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

}

5 : { »

name : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:36:29.463Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 20161006 September 2016 - HipChat Plugin for various products - Critical Security Advisory (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/539530/100/0/threaded (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

}

3 : { »

name : 93159 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/93159 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2016-6668 (string)

datePublished : 2017-01-23T21:00:00 (string)

dateReserved : 2016-08-10T00:00:00 (string)

dateUpdated : 2024-08-06T01:36:29.463Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence_server:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "351C6311-8084-42F3-B7A4-A8E53D73FF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAAC3596-B70A-49A8-9062-1501474A5365", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "93D84D4C-7376-4590-8BD7-933F94590C29", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA204C29-5582-46B3-8EA5-EA890598F5A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "499688C7-21F0-49E0-9E8F-CDD6D7C768A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "4014117A-31F3-4494-9239-6DDFB89DB805", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "9CA9632D-C9F1-448B-8FFD-90FEF0C1C228", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "0883B0DB-DF33-4B80-A870-690D8A794824", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "89276664-D60B-40C5-8837-8C4421EACEAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2ACC2-E9DA-4C01-9FFD-E23FC7AAC970", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "70460C0E-1BB6-491A-9897-6F1EB5C10BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1C0E9A8-6031-4F92-A709-F98C23FF6307", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "6594A7E7-169D-493A-966D-44E6229F9A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "755F76DA-E7D5-43A0-B441-E734B6A5AE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE134D2F-B6D7-4DD7-8D69-B44FD79A7E9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD51134D-388F-4698-8993-6D927659DF45", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:5.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F69A3AE-7B13-4223-8CFD-7C64D5729177", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED7EB5D9-41D2-4F5A-BB71-8965231E0E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10:*:*:*:*:*:*:*", "matchCriteriaId": "3AF46F73-B274-4CAC-B09C-22B3922F8AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1:*:*:*:*:*:*:*", "matchCriteriaId": "BCA2BF59-2057-4D40-9D2D-167DCD65BB36", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2:*:*:*:*:*:*:*", "matchCriteriaId": "22D74C92-6404-4423-A63E-D8FB73B93FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F7E859E-FAB5-4814-92C0-EEAD91ED6C76", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A142C047-72E7-4A3B-A6D7-798111597569", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F08AE659-167E-478A-A8D4-376E6189C31F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "798FABED-5F49-44C3-AB06-8AA9C5129F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "7D0E6E69-4C4C-4AB7-B5EC-98AC16538DB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "243FA02E-0878-4D6F-B421-19B25475A3FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "55AD904B-172D-4743-9424-620C0F8F4D11", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B740B376-B549-4455-AFD9-0FB377707AB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA633A3-6190-4CF9-B501-427151C90C1F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages."}, {"lang": "es", "value": "El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; pllugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo p\u00e1ginas no especificadas."}], "id": "CVE-2016-6668", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-23T21:59:02.360", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93159"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/539530/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 351C6311-8084-42F3-B7A4-A8E53D73FF33 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : EAAC3596-B70A-49A8-9062-1501474A5365 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 93D84D4C-7376-4590-8BD7-933F94590C29 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.3:*:*:*:*:*:*:* (string)

matchCriteriaId : FA204C29-5582-46B3-8EA5-EA890598F5A5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 499688C7-21F0-49E0-9E8F-CDD6D7C768A8 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 4014117A-31F3-4494-9239-6DDFB89DB805 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9CA9632D-C9F1-448B-8FFD-90FEF0C1C228 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 0883B0DB-DF33-4B80-A870-690D8A794824 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 89276664-D60B-40C5-8837-8C4421EACEAD (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.9:*:*:*:*:*:*:* (string)

matchCriteriaId : DBC2ACC2-E9DA-4C01-9FFD-E23FC7AAC970 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 70460C0E-1BB6-491A-9897-6F1EB5C10BAB (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.11:*:*:*:*:*:*:* (string)

matchCriteriaId : A1C0E9A8-6031-4F92-A709-F98C23FF6307 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.9.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 6594A7E7-169D-493A-966D-44E6229F9A1A (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 755F76DA-E7D5-43A0-B441-E734B6A5AE96 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.10.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FE134D2F-B6D7-4DD7-8D69-B44FD79A7E9A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.10.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FD51134D-388F-4698-8993-6D927659DF45 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:atlassian:confluence_server:5.10.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 0F69A3AE-7B13-4223-8CFD-7C64D5729177 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0:*:*:*:*:*:*:* (string)

matchCriteriaId : ED7EB5D9-41D2-4F5A-BB71-8965231E0E91 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 3AF46F73-B274-4CAC-B09C-22B3922F8AE0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1:*:*:*:*:*:*:* (string)

matchCriteriaId : BCA2BF59-2057-4D40-9D2D-167DCD65BB36 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 22D74C92-6404-4423-A63E-D8FB73B93FCE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F7E859E-FAB5-4814-92C0-EEAD91ED6C76 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A142C047-72E7-4A3B-A6D7-798111597569 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F08AE659-167E-478A-A8D4-376E6189C31F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 798FABED-5F49-44C3-AB06-8AA9C5129F29 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D0E6E69-4C4C-4AB7-B5EC-98AC16538DB8 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 243FA02E-0878-4D6F-B421-19B25475A3FD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 55AD904B-172D-4743-9424-620C0F8F4D11 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B740B376-B549-4455-AFD9-0FB377707AB7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12:*:*:*:*:*:*:* (string)

matchCriteriaId : FDA633A3-6190-4CF9-B501-427151C90C1F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. (string)

}

1 : { »

lang : es (string)

value : El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; pllugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo páginas no especificadas. (string)

}

]

id : CVE-2016-6668 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-01-23T21:59:02.360 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/539530/100/0/threaded (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/93159 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/539530/100/0/threaded (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/93159 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object