GitHub Advisory Database: GHSA-7X6Q-3V3M-CWJG
Published: Apr 24, 2023, 4:46 p.m.

kiwi TCMS has possibility for user to update email address to unverified one

CWE-283 (Unverified Ownership), CWE-863 (Incorrect Authorization)
Source: GitHub Advisory Database (github.com)
Tags: kiwi tcms, email update, security issue, account ownership, version 12.2

CVSS v3.1 base score: 4.3 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

  Attack Vector: Network
  Attack Complexity: Low
  Privileges Required: Low
  User Interaction: None
  Scope: Unchanged
  Confidentiality Impact: None
  Integrity Impact: Low
  Availability Impact: None

EPSS: 0.001 (Low), percentile 42.3%

Impact

In versions of Kiwi TCMS before 12.2, users could update their email addresses via the “My profile” admin page. That page changed the address registered with the account without the ownership verification that is performed during account registration, so a logged-in user could bind their account to an address they had never proven they control (CWE-283, unverified ownership).

Patches

With Kiwi TCMS v12.2 or later the email field associated with a user account can no longer be edited. Upgrade to v12.2 or later.
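The unverified update pattern from the Impact section beside a verified-change flow, as an added example that is not Kiwi TCMS's own code. The project's actual fix in v12.2 was to make the field non-editable; the second flow below is what an application that still needs self-service address changes would implement instead. Everything here is a stand-alone, standard-library Python sketch with hypothetical names (`User`, `update_email_unverified`, `request_email_change`, `confirm_email_change`) and a `mailbox` dict that stands in for outbound e-mail.

```python
# Added example (not Kiwi TCMS project code): unverified e-mail change vs. a
# verified flow. All names are hypothetical; "mailbox" fakes outbound e-mail.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

TOKEN_TTL_SECONDS = 3600  # assumed lifetime of a confirmation link


@dataclass
class User:
    username: str
    email: str
    # State for a change that has been requested but not yet proven.
    pending_email: Optional[str] = None
    pending_token_hash: Optional[str] = None
    pending_expires_at: float = 0.0


# Constructed stand-in for an outbound mail queue: recipient -> tokens sent.
mailbox: Dict[str, List[str]] = {}


def update_email_unverified(user: User, new_email: str) -> None:
    """Vulnerable pattern (CWE-283): the profile form writes the new address
    straight into the account. Nobody has shown they can read mail at
    new_email, so the account's recovery/notification address is now
    whatever the logged-in user typed."""
    user.email = new_email


def request_email_change(user: User, new_email: str, now: Optional[float] = None) -> str:
    """Step 1 of the verified flow: park the new address as pending and send a
    one-time token to *that* address only. Only a hash of the token is stored,
    so reading the database does not yield a usable token."""
    if now is None:
        now = time.time()
    token = secrets.token_urlsafe(32)
    user.pending_email = new_email
    user.pending_token_hash = hashlib.sha256(token.encode()).hexdigest()
    user.pending_expires_at = now + TOKEN_TTL_SECONDS
    mailbox.setdefault(new_email, []).append(token)  # "send" to new_email
    return token


def _clear_pending(user: User) -> None:
    user.pending_email = None
    user.pending_token_hash = None
    user.pending_expires_at = 0.0


def confirm_email_change(user: User, token: str, now: Optional[float] = None) -> bool:
    """Step 2: apply the change only if the caller presents the token that was
    delivered to the pending address, only once, and only within the TTL.
    The current address stays untouched on every failure path."""
    if now is None:
        now = time.time()
    if user.pending_email is None or user.pending_token_hash is None:
        return False
    if now > user.pending_expires_at:
        _clear_pending(user)  # stale request: the user must start over
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, user.pending_token_hash):
        return False  # wrong token; keep pending state so the real link still works
    user.email = user.pending_email
    _clear_pending(user)  # single use
    return True


def demo() -> dict:
    """Run both flows on constructed data and return the resulting state."""
    vulnerable = User("alice", "alice@example.com")
    update_email_unverified(vulnerable, "not-hers@example.net")

    hardened = User("bob", "bob@example.com")
    t0 = 1_700_000_000.0  # fixed clock so the example is deterministic
    request_email_change(hardened, "bob.new@example.net", now=t0)
    guessed = confirm_email_change(hardened, "not-the-token", now=t0)
    real_token = mailbox["bob.new@example.net"][-1]
    real = confirm_email_change(hardened, real_token, now=t0 + 60)
    replay = confirm_email_change(hardened, real_token, now=t0 + 61)
    return {
        "vulnerable_email": vulnerable.email,
        "hardened_email": hardened.email,
        "guessed_accepted": guessed,
        "real_accepted": real,
        "replay_accepted": replay,
    }


if __name__ == "__main__":
    print(demo())
```

The point to check in any profile-update handler is the one the advisory's CWE pair names: the address that later proves "ownership" (password reset, notifications) must itself have been proven before it is written, and the proof must go to the new address, not the old one.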

Workarounds

No workaround exists.

References

Disclosed by @novemberdad.

Affected configurations

Vendor / product: kiwitcms / kiwi_tcms
Affected range: < 12.2
CPE match: name kiwitcms, operator lt, version 12.2
