HipChat for JIRA plugin - Velocity template injection

Description

Atlassian discovered internally that the HipChat For JIRA plugin had a resource that combined user input into a Velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue, attackers need to be able to access the JIRA web interface and log into JIRA.
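The following is an added illustration of the bug class the advisory describes, not the plugin's own code: the unsafe method splices user input into the template source (so Velocity parses whatever directives the input contains), while the hardened method keeps the template fixed and passes the input only as a context value. It assumes Apache Velocity 1.7 is on the classpath.

```java
import java.io.IOException;
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

// Added example of the vulnerable and hardened Velocity usage patterns.
// Assumes org.apache.velocity:velocity:1.7 on the classpath.
public class VelocityInjectionDemo {
    private static final VelocityEngine ENGINE = new VelocityEngine();
    static { ENGINE.init(); }

    // Vulnerable pattern: user input becomes part of the template SOURCE.
    // Velocity therefore parses any #directive or $reference the caller
    // supplies, which is how template injection turns into code execution.
    static String renderUnsafe(String userInput) throws IOException {
        StringWriter out = new StringWriter();
        ENGINE.evaluate(new VelocityContext(), out, "unsafe", "Hello " + userInput);
        return out.toString();
    }

    // Hardened pattern: the template source is a fixed, developer-controlled
    // string; user input is only ever a context VALUE, which Velocity inserts
    // verbatim and never parses as template syntax.
    static String renderSafe(String userInput) throws IOException {
        VelocityContext ctx = new VelocityContext();
        ctx.put("name", userInput);
        StringWriter out = new StringWriter();
        ENGINE.evaluate(ctx, out, "safe", "Hello $name");
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input containing a harmless Velocity directive.
        String input = "#set($x = 6 * 7)$x";
        // Unsafe: the directive is evaluated and only its result is rendered.
        System.out.println(renderUnsafe(input));
        // Safe: the same text is rendered literally, directive and all.
        System.out.println(renderSafe(input));
    }
}
```

A quick code-review check for this class of bug is to grep for every `evaluate(`, `Velocity.evaluate(`, or `RuntimeSingleton.parse(` call and confirm that the template string argument is a constant or loaded from a trusted resource, never built from request parameters.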

Affected versions:

  • All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.
  • All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability.

Remediation

The HipChat for JIRA plugin can be updated through JIRA's addon manager. JIRA Server 6.4.11 is not vulnerable to this issue.

References