Related vulnerabilities
CVE-2023-30628 (GCVE-0-2023-30628)
Vulnerability from cvelistv5 – Published: 2023-04-24 21:17 – Updated: 2025-02-12 16:35
Title
Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Summary
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because it uses the untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
Severity
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2"
},
{
"name": "https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751"
},
{
"name": "https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18"
},
{
"name": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T20:56:03.570693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:35:13.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kiwi",
"vendor": "kiwitcms",
"versions": [
{
"status": "affected",
"version": "\u003c= 12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz\";echo${IFS}\"hello\";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T21:17:32.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2"
},
{
"name": "https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751"
},
{
"name": "https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18"
},
{
"name": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/"
}
],
"source": {
"advisory": "GHSA-cw6r-6ccx-5hwx",
"discovery": "UNKNOWN"
},
"title": "Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-30628",
"datePublished": "2023-04-24T21:17:32.896Z",
"dateReserved": "2023-04-13T13:25:18.833Z",
"dateUpdated": "2025-02-12T16:35:13.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
PYSEC-2023-273
Vulnerability from pysec - Published: 2023-04-24 22:15 - Updated: 2024-11-21 14:22
Details
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because it uses the untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
Severity
8.8 (High)
Impacted products
| Name | purl |
|---|---|
| kiwitcms | pkg:pypi/kiwitcms |
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "kiwitcms",
"purl": "pkg:pypi/kiwitcms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751"
}
],
"repo": "https://github.com/kiwitcms/enterprise",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "834c86dfd1b2492ccad7ebbfd6304bfec895fed2"
}
],
"repo": "https://github.com/kiwitcms/Kiwi",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0",
"10.1",
"10.2",
"10.3",
"10.3.999",
"10.4",
"10.5",
"11.0",
"11.1",
"11.3",
"11.4",
"11.5",
"11.6",
"11.7",
"12.0",
"12.1",
"12.2",
"6.10",
"6.11",
"6.2.1",
"6.3",
"6.4",
"6.5",
"6.5.3",
"6.6",
"6.7",
"6.8",
"6.9",
"7.0",
"7.1",
"7.2",
"7.2.1",
"7.3",
"8.0",
"8.1",
"8.1.99",
"8.2",
"8.3",
"8.4",
"8.5",
"8.6",
"8.6.1",
"8.7",
"8.8",
"8.9",
"9.0",
"9.999"
]
}
],
"aliases": [
"CVE-2023-30628",
"GHSA-cw6r-6ccx-5hwx"
],
"details": "Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz\";echo${IFS}\"hello\";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.",
"id": "PYSEC-2023-273",
"modified": "2024-11-21T14:22:53.063160+00:00",
"published": "2023-04-24T22:15:00+00:00",
"references": [
{
"type": "FIX",
"url": "https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751"
},
{
"type": "ADVISORY",
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx"
},
{
"type": "FIX",
"url": "https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2"
},
{
"type": "WEB",
"url": "https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18"
},
{
"type": "EVIDENCE",
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/"
},
{
"type": "WEB",
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}