Atlassian HipChat Server 1.0 < 2.2.4 Image Upload RCE
High Nessus Plugin ID 100160
Synopsis
The remote chat server is affected by a remote code execution vulnerability.

Description
The version of Atlassian HipChat Server installed on the remote host is 1.0 or later but prior to 2.2.4. It is, therefore, affected by a remote code execution vulnerability due to improper validation of uploaded images. An authenticated, remote attacker can exploit this, via a specially crafted image, to execute arbitrary code.

Solution
Update to Atlassian HipChat Server version 2.2.4 or later.
Alternatively, apply the patch specified in the vendor advisory.