Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.
References
Link | Resource |
---|---|
https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7x6q-3v3m-cwjg | Vendor Advisory |
https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/ | Permissions Required |
https://kiwitcms.org/blog/kiwi-tcms-team/2023/04/23/kiwi-tcms-122/ | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-24T16:26:08.626Z
Updated: 2023-04-24T16:26:08.626Z
Reserved: 2023-04-12T15:19:33.767Z
Link: CVE-2023-30544
NVD Information
Status : Analyzed
Published: 2023-04-24T17:15:10.777
Modified: 2023-05-03T18:52:51.757
Link: CVE-2023-30544
Redhat Information
No data.