3 matches found
CVE-2023-30628 Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...
CVE-2023-30628 Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...
CVE-2023-30628
Kiwi TCMS (Kiwi/Kiw i) versions 12.2 and earlier, including kiwitcms/Kiwi and kiwitcms/enterprise, are affected by a command-injection vulnerability in the changelog.yml CI workflow. The issue arises from using an attacker-controlled untrusted github.head_ref field, which can be assigned to a cra...