CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
Affected products
n/a · n/a
Public PoCs found: 5
cve_reference · packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html · unverified
cve_reference · www.exploit-db.com/exploits/38551/ · unverified
cve_reference · www.exploit-db.com/exploits/38905/ · unverified
exploitdb · www.exploit-db.com/exploits/38905 · unverified
exploitdb · www.exploit-db.com/exploits/38551 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html
https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html
https://www.exploit-db.com/exploits/38551/
https://www.exploit-db.com/exploits/38905/
http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template
http://www.securityfocus.com/archive/1/536374/100/0/threaded