PYSEC-2023-273

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/kiwitcms/PYSEC-2023-273.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2023-273
Aliases
Published
2023-04-24T22:15:00Z
Modified
2024-11-21T14:59:47.644461Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml GitHub Actions workflow is vulnerable to command injection because it uses the untrusted github.head_ref field in a shell step. github.head_ref is the name of a pull request's source branch, so it is attacker-controlled: whoever opens the pull request chooses it. A branch named zzz";echo${IFS}"hello";# closes the quoted string, terminates the command and runs echo hello; any other command can be substituted for it. Because the workflow's permissions are not restricted, the injected command runs with write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
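The following is an added example, not the Kiwi TCMS changelog.yml workflow or its fix. It emulates how a GitHub Actions run: step that embeds ${{ github.head_ref }} becomes a shell script: the runner substitutes the expression textually into the script before the shell parses it, so the branch name is parsed as code. The vulnerable step uses a stand-in echo command (an assumption; the real workflow's command is not shown on this page), the hardened step passes the same value through an environment variable as GitHub recommends, and the payload is the one quoted in the advisory.

```shell
#!/bin/sh
# Added example (not the Kiwi TCMS changelog.yml workflow): emulates how an
# Actions `run:` step containing ${{ github.head_ref }} is expanded. The
# expression is substituted TEXTUALLY into the script before `sh -c` sees it.

# Attacker-controlled branch name: the payload quoted in the advisory.
HEAD_REF='zzz";echo${IFS}"hello";#'

# expand TEMPLATE VALUE: replace the ${{ github.head_ref }} token with VALUE,
# exactly as the Actions runner does before handing the text to the shell.
expand() {
    tpl=$1; val=$2; tok='${{ github.head_ref }}'
    printf '%s%s%s' "${tpl%%"$tok"*}" "$val" "${tpl#*"$tok"}"
}

# Vulnerable pattern, equivalent to the workflow step:
#   run: echo "branch is ${{ github.head_ref }}"
# The payload's `"` closes the string and `;` starts a second command, so
# `echo${IFS}"hello"` (IFS is whitespace, so this is `echo hello`) runs.
vulnerable_step() {
    script=$(expand 'echo "branch is ${{ github.head_ref }}"' "$1")
    sh -c "$script"
}

# Hardened pattern, equivalent to:
#   env:
#     HEAD_REF: ${{ github.head_ref }}
#   run: echo "branch is $HEAD_REF"
# The value reaches the shell as data in a variable, never as script text.
safe_step() {
    HEAD_REF=$1 sh -c 'echo "branch is $HEAD_REF"'
}

# injected_ran STEP: exit 0 only if the payload's `echo hello` actually ran,
# i.e. the step printed a line consisting solely of "hello".
injected_ran() {
    "$1" "$HEAD_REF" | grep -qx 'hello'
}

echo '--- vulnerable step (two lines: the injected command ran) ---'
vulnerable_step "$HEAD_REF"
echo '--- hardened step (one line: the payload is printed as data) ---'
safe_step "$HEAD_REF"
```

The same pattern applies to every attacker-controlled context value (pull request title and body, issue title, commit message, author name), not only github.head_ref; a quick check of a repository is grep -n 'github\.head_ref\|pull_request\.title\|pull_request\.body' .github/workflows/*.yml, and any hit inside a run: block should be moved into an env: entry. Restricting the workflow's permissions: key to the minimum the job needs limits what an injected command can do with the job token.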

References

Affected packages

PyPI / kiwitcms

Package

Affected ranges

Type
GIT
Repo
https://github.com/kiwitcms/enterprise
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751
Type
GIT
Repo
https://github.com/kiwitcms/Kiwi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
834c86dfd1b2492ccad7ebbfd6304bfec895fed2
Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
12.3

Affected versions

6.*

6.2.1
6.3
6.4
6.5
6.5.3
6.6
6.7
6.8
6.9
6.10
6.11

7.*

7.0
7.1
7.2
7.2.1
7.3

8.*

8.0
8.1
8.1.99
8.2
8.3
8.4
8.5
8.6
8.6.1
8.7
8.8
8.9

9.*

9.0
9.999

10.*

10.0
10.1
10.2
10.3
10.3.999
10.4
10.5

11.*

11.0
11.1
11.3
11.4
11.5
11.6
11.7

12.*

12.0
12.1
12.2