9

CVE-2023-30613

Exploit

EPSS 0.42%
Veröffentlicht 24.04.2023 17:15:10
Zuletzt bearbeitet 11.04.2025 14:50:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.

Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kiwitcms ≫ Kiwi Tcms Version < 12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.615

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/

Release Notes

https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-fwcf-753v-fgcj

Vendor Advisory

https://huntr.dev/bounties/c30d3503-600d-4d00-9571-98826a51f12c

Permissions Required

https://huntr.com/bounties/c30d3503-600d-4d00-9571-98826a51f12c

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30613

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30613

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30613

EUVD