3 matches found
CVE-2023-30628
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...
CVE-2023-27581
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
PYSEC-2023-273
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlled...