HipChat for JIRA plugin - Velocity template injection

  • Atlassian discovered internally that the HipChat for JIRA plugin had a resource that concatenated user input into a Velocity template source and then rendered it. Because Velocity parses directives and references found in the template source, authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat for JIRA plugin enabled. To exploit this issue an attacker needs to be able to access the JIRA web interface and log into JIRA.

    Affected versions:
    • All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.
    • All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability.
  • The HipChat for JIRA plugin can be updated through JIRA's addon manager. JIRA Server 6.4.11 is not vulnerable to this issue.
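
The following is an added example and not the plugin's code: it shows the general class of flaw the advisory describes (user input concatenated into a Velocity template source) beside the corrected pattern (a fixed template with user input supplied only as a context value). The class name, method names and the probe string are hypothetical; the Velocity API calls are the standard `org.apache.velocity` ones.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

// Hypothetical demo class (not from the HipChat for JIRA plugin).
public class VelocityInjectionDemo {
    private static final VelocityEngine ENGINE = new VelocityEngine();
    static { ENGINE.init(); }

    // Vulnerable pattern: user input becomes part of the template SOURCE,
    // so any Velocity directives (#set, #foreach, ...) and references ($x)
    // inside it are parsed and executed by the engine.
    static String renderVulnerable(String userInput) throws Exception {
        String templateSource = "Hello, " + userInput + "!";
        StringWriter out = new StringWriter();
        ENGINE.evaluate(new VelocityContext(), out, "vuln", templateSource);
        return out.toString();
    }

    // Hardened pattern: the template source is a constant; user input is
    // passed only as a context VALUE, which Velocity renders as plain data
    // (the value is not re-parsed as template syntax).
    static String renderSafe(String userInput) throws Exception {
        String templateSource = "Hello, $name!";
        VelocityContext ctx = new VelocityContext();
        ctx.put("name", userInput);
        StringWriter out = new StringWriter();
        ENGINE.evaluate(ctx, out, "safe", templateSource);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed probe: a #set directive plus a reference chain that walks
        // from a String literal to its Class object. It is harmless, but if the
        // output contains "java.lang.String" the input was interpreted rather
        // than printed, which is exactly the condition an attacker extends to
        // reach arbitrary Java classes.
        String probe = "#set($s = \"x\")$s.class.getName()";
        System.out.println(renderVulnerable(probe)); // Hello, java.lang.String!
        System.out.println(renderSafe(probe));       // Hello, #set($s = "x")$s.class.getName()!
    }
}
```

The fix is not to escape user input before concatenation; it is to never let user input reach the template source at all. With the default Velocity uberspector, any object placed in a context exposes its full public API (including `getClass()`), so reachable references are the attack surface, which is why a reference such as `$s.class` is the probe used above.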