This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote chat server is affected by a remote code execution
The version of Atlassian HipChat Server installed on the remote host
is 1.0 or later but prior to 2.2.4. It is, therefore, affected by a
remote code execution vulnerability due to improper validation of
uploaded images. An authenticated, remote attacker can exploit this,
via a specially crafted image, to execute arbitrary code.
See also :
Update to Atlassian HipChat Server version 2.2.4 or later.
Alternatively, apply the patch specified in the vendor advisory.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true