CVE-2016-6668

Name of the Vulnerable Software and Affected Versions Atlassian Hipchat Integration Plugin for Bitbucket Server versions 6.26.0 through 6.27.5 Atlassian Hipchat Integration Plugin for Bitbucket Server versions 6.28.0 through 7.3.7 Atlassian Hipchat Integration Plugin for Bitbucket Server versions 7.4.0 through 7.8.17 Confluence HipChat plugin versions 6.26.0 through 7.8.17 HipChat for JIRA plugin versions 6.26.0 through 7.8.17

Description The issue allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.

Recommendations For Atlassian Hipchat Integration Plugin for Bitbucket Server versions 6.26.0 through 6.27.5, update to version 6.27.5 or later. For Atlassian Hipchat Integration Plugin for Bitbucket Server versions 6.28.0 through 7.3.7, update to version 7.3.7 or later. For Atlassian Hipchat Integration Plugin for Bitbucket Server versions 7.4.0 through 7.8.17, update to version 7.8.17 or later. For Confluence HipChat plugin versions 6.26.0 through 7.8.17, update to version 7.8.17 or later. For HipChat for JIRA plugin versions 6.26.0 through 7.8.17, update to version 7.8.17 or later.