{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T22:05:31.890","vulnerabilities":[{"cve":{"id":"CVE-2023-30628","sourceIdentifier":"security-advisories@github.com","published":"2023-04-24T22:15:09.953","lastModified":"2024-11-21T08:00:32.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz\";echo${IFS}\"hello\";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*","versionEndIncluding":"12.2","matchCriteriaId":"F9FB0E8B-2316-4900-95EF-D3DA528551F7"}]}]}],"references":[{"url":"https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://securitylab.github.com/research/github-actions-untrusted-input/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://securitylab.github.com/research/github-actions-untrusted-input/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}