CVE-2023-30628— Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-30628
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kiwi TCMS 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kiwi TCMS是Kiwi TCMS开源的一个用于手动和自动测试的领先开源测试管理系统。 Kiwi TCMS存在操作系统命令注入漏洞,该漏洞源于使用了不受信任的字段导致存在命令注入漏洞。受影响的产品和版本:kiwitcms/Kiwi 12.2及之前版本, kiwitcms/enterprise 12.2及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-30628
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-30628
请登录查看更多情报信息。
- https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwxx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-30628
Same Patch Batch · kiwitcms · 2023-04-24 · 3 CVEs total
| CVE-2023-30613 | 8.1 HIGH | Kiwi TCMS unrestricted file upload vulnerability |
| CVE-2023-30544 | 3.9 LOW | Kiwi TCMS may allow user to update email address to unverified one |
IV. Related Vulnerabilities
Same product: Kiwi
- CVE-2025-58790
WordPress Kiwi Plugin <= 2.1.8 - Cross Site Scripting (XSS) - CVE-2023-36809
Kiwi TCMS's misconfigured HTTP headers allow stored XSS exec - CVE-2023-33977
Stored cross site scripting (XSS) via unrestricted file uplo - CVE-2023-32686
kiwitcms vulnerable to stored XSS via unrestricted files upl - CVE-2023-30613
Kiwi TCMS unrestricted file upload vulnerability
Same vendor: kiwitcms
- CVE-2023-36809
Kiwi TCMS's misconfigured HTTP headers allow stored XSS exec - CVE-2023-33977
Stored cross site scripting (XSS) via unrestricted file uplo - CVE-2023-32686
kiwitcms vulnerable to stored XSS via unrestricted files upl - CVE-2023-30613
Kiwi TCMS unrestricted file upload vulnerability - CVE-2023-30544
Kiwi TCMS may allow user to update email address to unverifi
Same weakness: CWE-78
- CVE-2026-8273
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command inje - CVE-2026-8272
D-Link DNS-320 webfile_mgr.cgi chown os command injection - CVE-2026-8271
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command inje - CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti
V. Comments for CVE-2023-30628
No comments yet