Skip to main content

Kiwi Tcms CVE-2023-30613

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2023-04-24 security-advisories@github.com
9.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.0 CRITICAL
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 24, 2023 - 17:15 nvd
CRITICAL 9.0

DescriptionNVD

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.

Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default .exe are denied. Other files containing the <script> tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading.

AnalysisAI

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer. Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default .exe are denied. Other files containing the <script> tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading. Affected products include: Kiwitcms Kiwi Tcms. Version information: prior to 12.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-30628 HIGH POC
8.8 Apr 24

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2023-25156 CRITICAL
9.8 Feb 15

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical

CVE-2023-36809 MEDIUM POC
5.4 Jul 05

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rate

CVE-2023-33977 MEDIUM POC
5.4 Jun 06

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2022-4105 MEDIUM POC
5.4 Nov 21

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a

CVE-2023-22451 HIGH
8.8 Jan 02

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2023-25171 MEDIUM
5.9 Feb 15

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium se

CVE-2023-32686 MEDIUM
5.4 May 27

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2023-27489 MEDIUM
5.4 Mar 29

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2023-30544 MEDIUM
4.3 Apr 24

Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exp

Share

CVE-2023-30613 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy