11 matches found
CVE-2023-22451
Kiwi TCMS (open source test management) has a CVE-2023-22451 vulnerability where versions ≤11.6 allow weak passwords during account creation or password changes due to missing validation. The root cause is insufficient password validation, mitigated in version 11.7 by defaults for AUTH_PASSWORD_V...
CVE-2022-4105
CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...
CVE-2023-33977
Kiwi TCMS is affected by CVE-2023-33977 (stored XSS via unrestricted file upload) in versions prior to 12.4. The root cause is incomplete upload validation that can permit uploading potentially dangerous files, enabling arbitrary JavaScript execution in the browser. An additional issue involves N...
CVE-2023-30544
CVE-2023-30544 affects Kiwi TCMS prior to v12.2. The issue allows a user to update the email address on the My profile page without ownership verification performed during account registration, effectively enabling an unverified change to a registered account. Multiple sources (Red Hat, NVD, CVE ...
CVE-2023-32686
Kiwi TCMS before version 12.3 was vulnerable to stored XSS via unrestricted file uploads. Weak upload validators allowed crafted file combinations to bypass Content-Security-Policy, enabling arbitrary JavaScript execution in the browser. The issue is patched in version 12.3. Remediation: upgrade ...
CVE-2023-25156
Kiwi TCMS before version 12.0 does not enforce rate limiting on the login page, enabling easier brute-force attempts. The issue is documented across multiple sources (NVD, Red Hat, OSV, GHSA) and is resolved by upgrading to v12.0 or later, which includes a patch. As a workaround, applying a rate-...
CVE-2023-25171
Kiwi TCMS before version 12.0 does not implement rate limiting, enabling potential denial-of-service on the Password reset page by flooding with emails and straining SMTP resources. The issue is mitigated by upgrading to v12.0 or later. Workarounds include deploying a rate-limiting proxy in front...
CVE-2023-30613
Kiwi TCMS before version 12.2 allowed arbitrary file uploads because there was no validation of upload file types. This allowed attackers to upload potentially executable files (.exe) or files containing [removed] tags that could trigger XSS, leading to code execution on users’ machines. Version ...
CVE-2023-27489
Kiwi TCMS (open source test management) has a CVE-2023-27489 stored XSS via SVG file upload. The vulnerability arises because uploaded SVGs could contain JavaScript that executes when viewed in contexts that do not render in an HTML page. The issue is mitigated by a CSP header that blocks inline ...
CVE-2023-36809
Kiwi TCMS prior to version 12.5 is impacted by a stored XSS issue tied to how uploaded attachments (test plans, test cases, etc.) are served. The root cause involved an earlier attempt to treat all uploaded files as plain text to prevent script execution, but some browsers (e.g., Firefox) could i...
CVE-2023-30628
Kiwi TCMS (Kiwi/Kiw i) versions 12.2 and earlier, including kiwitcms/Kiwi and kiwitcms/enterprise, are affected by a command-injection vulnerability in the changelog.yml CI workflow. The issue arises from using an attacker-controlled untrusted github.head_ref field, which can be assigned to a cra...