PT-2017-18098 · Atlassian · Hipchat
Published
2017-05-05
·
Updated
2017-05-16
·
CVE-2017-8058
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Atlassian HipChat versions prior to 3.16.2 for iOS
Description
The issue allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call due to the acceptance of invalid or self-signed TLS certificates.
Recommendations
For versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hipchat