CVE-2015-5603

HipChat for JIRA <6.30.0 - Code Injection

Description

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/38905

exploitdb WORKING POC VERIFIED
by Chris Wood · python · webapps · java
https://www.exploit-db.com/exploits/38551

metasploit WORKING POC EXCELLENT
by Chris Wood, sinn3r · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jira_hipchat_template.rb

Scores

EPSS 0.8253
EPSS Percentile 99.2%

Details

CWE CWE-94
Status published
Products (1)
atlassian/hipchat < 6.29.2
Published Sep 21, 2015
Tracked Since Feb 18, 2026