CVE-2016-6668

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:confluence_server:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.9.12:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.10.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:5.10.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12:*:*:*:*:*:*:*

History

21 Nov 2024, 02:56

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/539530/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/539530/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/93159 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/93159 - Broken Link, Third Party Advisory, VDB Entry
References () https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html - Vendor Advisory () https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html - Vendor Advisory
References () https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html - Vendor Advisory () https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html - Vendor Advisory
References () https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html - Vendor Advisory () https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html - Vendor Advisory

Information

Published : 2017-01-23 21:59

Updated : 2024-11-21 02:56


NVD link : CVE-2016-6668

Mitre link : CVE-2016-6668

CVE.ORG link : CVE-2016-6668


JSON object : View

Products Affected

atlassian

  • jira_integration_for_hipchat
  • confluence_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor