Kiwitcms

Kiwi Tcms

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.57%
  • Published 05.07.2023 22:15:09
  • Last modified 21.11.2024 08:10:38

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prev...

Exploit
  • EPSS 4.57%
  • Published 06.06.2023 19:15:12
  • Last modified 21.11.2024 08:06:20

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent ...

  • EPSS 0.92%
  • Published 27.05.2023 04:15:25
  • Last modified 21.11.2024 08:03:51

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent ...

Exploit
  • EPSS 1.73%
  • Published 24.04.2023 22:15:09
  • Last modified 21.11.2024 08:00:32

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` fiel...

  • EPSS 0.53%
  • Published 24.04.2023 17:15:10
  • Last modified 04.02.2025 19:15:29

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their acco...

Exploit
  • EPSS 0.42%
  • Published 24.04.2023 17:15:10
  • Last modified 11.04.2025 14:50:37

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upl...

  • EPSS 0.54%
  • Published 29.03.2023 19:15:22
  • Last modified 21.11.2024 07:53:00

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML p...

  • EPSS 0.74%
  • Published 15.02.2023 15:15:11
  • Last modified 21.11.2024 07:49:13

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a worka...

  • EPSS 0.77%
  • Published 15.02.2023 15:15:11
  • Last modified 21.11.2024 07:49:14

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of e...

  • EPSS 0.34%
  • Published 02.01.2023 16:15:11
  • Last modified 21.11.2024 07:44:49

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is re...