CVE-2023-30628 – kiwitcms
Package
Manager: pip
Name: kiwitcms
Vulnerable Version: =10.0 || =10.1 || =10.2 || =10.3 || =10.3.999 || =10.4 || =10.5 || =11.0 || =11.1 || =11.3 || =11.4 || =11.5 || =11.6 || =11.7 || =12.0 || =12.1 || =12.2 || =6.10 || =6.11 || =6.2.1 || =6.3 || =6.4 || =6.5 || =6.5.3 || =6.6 || =6.7 || =6.8 || =6.9 || =7.0 || =7.1 || =7.2 || =7.2.1 || =7.3 || =8.0 || =8.1 || =8.1.99 || =8.2 || =8.3 || =8.4 || =8.5 || =8.6 || =8.6.1 || =8.7 || =8.8 || =8.9 || =9.0 || =9.999 || >=0 <e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 || >=0 <834c86dfd1b2492ccad7ebbfd6304bfec895fed2 || >=0 <12.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01816 (percentile 0.82144)
Details
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection because it uses the untrusted `github.head_ref` field. The `github.head_ref` value is attacker-controlled. Setting it to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the workflow's permissions are not restricted, the attacker gains write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
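As an added illustration that is not part of this advisory or of the Kiwi TCMS project, a small Python checker for the pattern described above: it flags `run:` scripts that expand attacker-controllable expression contexts such as `github.head_ref` inline, and runs against two constructed workflow snippets, the vulnerable shape and the rewrite that passes the value through an environment variable. The sample steps and the context names other than `github.head_ref` are assumptions, not the project's own `changelog.yml`.

```python
import re

# Expression contexts commonly cited as attacker-controllable. github.head_ref is
# the one named in this advisory; the other three are assumptions added here.
UNTRUSTED = ("github.head_ref", "github.event.pull_request.title",
             "github.event.pull_request.body", "github.event.comment.body")
EXPR_RE = re.compile(r"\$\{\{\s*(.+?)\s*\}\}")


def run_scripts(workflow_text):
    """Yield (line_no, script) for each `run:` step: inline or block scalar."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^\s*(?:-\s*)?run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        key_col, rest = lines[i].index("run:"), m.group(1).strip()
        if rest not in ("|", ">", "|-", ">-"):  # inline form: run: cmd
            yield i + 1, rest
            i += 1
            continue
        j = i + 1  # block scalar: body is every following line indented past the key
        while j < len(lines) and (not lines[j].strip()
                                  or len(lines[j]) - len(lines[j].lstrip()) > key_col):
            j += 1
        yield i + 1, "\n".join(lines[i + 1:j])
        i = j


def find_expression_injection(workflow_text):
    """Return (line_no, expr) for each untrusted context expanded inside a run: script.
    The expansion happens before the shell starts, so quoting in the script cannot help."""
    return [(n, e) for n, s in run_scripts(workflow_text)
            for e in EXPR_RE.findall(s) if any(c in e for c in UNTRUSTED)]


# Constructed samples (not the project's changelog.yml): the vulnerable shape the
# advisory describes, and the same step with the value passed through env instead.
VULNERABLE = """\
steps:
  - run: |
      echo "Branch: ${{ github.head_ref }}" >> CHANGELOG.md
"""
FIXED = """\
steps:
  - env:
      HEAD_REF: ${{ github.head_ref }}
    run: echo "Branch: $HEAD_REF" >> CHANGELOG.md
"""
```

The env-variable form is safe because the runner hands the value to the shell as data, so the `";` sequence in the advisory's payload never reaches the script text.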
Metadata
Created: 2023-04-24T22:15:00Z
Modified: 2024-11-21T14:57:02.609364Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F422
Auto approve: 1