RCE in Atlassian Hipchat

CVE-2015-5603

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.825 (99.3rd percentile)

Frequently asked questions

What is CVE-2015-5603?
CVE-2015-5603 is a vulnerability in Atlassian Hipchat, classified under Code Injection. Published 2015-09-21.

Is CVE-2015-5603 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.