Skip to main content

Kiwi Tcms CVE-2023-30628

HIGH
OS Command Injection (CWE-78)
2023-04-24 security-advisories@github.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 24, 2023 - 22:15 nvd
HIGH 8.8

DescriptionNVD

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an attacker-controlled value. Assigning the value to zzz";echo${IFS}"hello";# can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.

AnalysisAI

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an attacker-controlled value. Assigning the value to zzz";echo${IFS}"hello";# can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue. Affected products include: Kiwitcms Kiwi Tcms.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2023-30613 CRITICAL POC
9.0 Apr 24

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rat

CVE-2023-25156 CRITICAL
9.8 Feb 15

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical

CVE-2023-36809 MEDIUM POC
5.4 Jul 05

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rate

CVE-2023-33977 MEDIUM POC
5.4 Jun 06

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2022-4105 MEDIUM POC
5.4 Nov 21

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a

CVE-2023-22451 HIGH
8.8 Jan 02

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2023-25171 MEDIUM
5.9 Feb 15

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium se

CVE-2023-32686 MEDIUM
5.4 May 27

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2023-27489 MEDIUM
5.4 Mar 29

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.

CVE-2023-30544 MEDIUM
4.3 Apr 24

Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exp

Share

CVE-2023-30628 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy