5 matches found
GHSA-7968-H4M4-GHM9 No protection against brute-force attacks on login page
Impact: Previous versions of Kiwi TCMS do not impose rate limits, which makes it easier to attempt brute-force attacks against the login page. Patches: Users should upgrade to v12.0 or later. Workarounds: Users may install and configure a rate-limiting proxy in front of Kiwi TCMS. For example nginx...
No protection against brute-force attacks on login page
Impact: Previous versions of Kiwi TCMS do not impose rate limits, which makes it easier to attempt brute-force attacks against the login page. Patches: Users should upgrade to v12.0 or later. Workarounds: Users may install and configure a rate-limiting proxy in front of Kiwi TCMS. For example nginx...
Code injection
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...
Code injection
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...