CVE-2017-14586 - Vulnerability Details

Vendors	Products
Atlassian	Hipchat

Link	Providers
http://www.securityfocus.com/bid/101947
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html
https://jira.atlassian.com/browse/HCPUB-3473

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Hipchat for Mac desktop client", "vendor": "Atlassian", "versions": [{"status": "affected", "version": "4.0 <= version < 4.30"}]}], "datePublic": "2017-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Client Side Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-28T10:57:01", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"name": "101947", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101947"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.atlassian.com/browse/HCPUB-3473"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2017-11-22T00:00:00", "ID": "CVE-2017-14586", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hipchat for Mac desktop client", "version": {"version_data": [{"version_value": "4.0 <= version < 4.30"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Client Side Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "101947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101947"}, {"name": "https://jira.atlassian.com/browse/HCPUB-3473", "refsource": "CONFIRM", "url": "https://jira.atlassian.com/browse/HCPUB-3473"}, {"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:38.504Z"}, "title": "CVE Program Container", "references": [{"name": "101947", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101947"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.atlassian.com/browse/HCPUB-3473"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2017-14586", "datePublished": "2017-11-27T16:00:00Z", "dateReserved": "2017-09-19T00:00:00", "dateUpdated": "2024-09-16T18:08:06.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Hipchat for Mac desktop client (string)

vendor : Atlassian (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.0 <= version < 4.30 (string)

}

]

}

]

datePublic : 2017-11-22T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Client Side Remote Code Execution (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-11-28T10:57:01 (string)

orgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

shortName : atlassian (string)

}

references : [ »

0 : { »

name : 101947 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/101947 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://jira.atlassian.com/browse/HCPUB-3473 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@atlassian.com (string)

DATE_PUBLIC : 2017-11-22T00:00:00 (string)

ID : CVE-2017-14586 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Hipchat for Mac desktop client (string)

version : { »

version_data : [ »

0 : { »

version_value : 4.0 <= version < 4.30 (string)

}

]

}

]

}

vendor_name : Atlassian (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Client Side Remote Code Execution (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 101947 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/101947 (string)

}

1 : { »

name : https://jira.atlassian.com/browse/HCPUB-3473 (string)

refsource : CONFIRM (string)

url : https://jira.atlassian.com/browse/HCPUB-3473 (string)

}

2 : { »

name : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

refsource : CONFIRM (string)

url : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T19:34:38.504Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 101947 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/101947 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://jira.atlassian.com/browse/HCPUB-3473 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f08a6ab8-ed46-4c22-8884-d911ccfe3c66 (string)

assignerShortName : atlassian (string)

cveId : CVE-2017-14586 (string)

datePublished : 2017-11-27T16:00:00Z (string)

dateReserved : 2017-09-19T00:00:00 (string)

dateUpdated : 2024-09-16T18:08:06.305Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:hipchat:*:*:*:*:*:macos:*:*", "matchCriteriaId": "534D0985-9162-43C8-9B33-A634A1187FB4", "versionEndExcluding": "4.30", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability."}, {"lang": "es", "value": "El cliente de escritorio Hipchat para Mac es vulnerable a ejecuci\u00f3n remota de c\u00f3digo de parte del cliente mediante el an\u00e1lisis sint\u00e1ctico de enlaces de videollamada. Los clientes de escritorio Hipchat para Mac en versiones iguales o superiores a la 4.0 y anteriores a la versi\u00f3n 4.30 se han visto afectadas por esta vulnerabilidad."}], "id": "CVE-2017-14586", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-27T16:29:00.293", "references": [{"source": "security@atlassian.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101947"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/HCPUB-3473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/HCPUB-3473"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:atlassian:hipchat:*:*:*:*:*:macos:*:* (string)

matchCriteriaId : 534D0985-9162-43C8-9B33-A634A1187FB4 (string)

versionEndExcluding : 4.30 (string)

versionStartIncluding : 4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. (string)

}

1 : { »

lang : es (string)

value : El cliente de escritorio Hipchat para Mac es vulnerable a ejecución remota de código de parte del cliente mediante el análisis sintáctico de enlaces de videollamada. Los clientes de escritorio Hipchat para Mac en versiones iguales o superiores a la 4.0 y anteriores a la versión 4.30 se han visto afectadas por esta vulnerabilidad. (string)

}

]

id : CVE-2017-14586 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-11-27T16:29:00.293 (string)

references : [ »

0 : { »

source : security@atlassian.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/101947 (string)

}

1 : { »

source : security@atlassian.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

}

2 : { »

source : security@atlassian.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/HCPUB-3473 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/101947 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://jira.atlassian.com/browse/HCPUB-3473 (string)

}

]

sourceIdentifier : security@atlassian.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object