Kiwi Tcms
CVE-2023-25156
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.
AnalysisAI
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. Affected products include: Kiwitcms Kiwi Tcms. Version information: prior to 12.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rat
Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rate
Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a
Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium se
Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.
Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.
Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exp
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today