Search for vulnerabilities
| Vulnerability ID | VCID-njy8-26hp-63f9 |
| Aliases |
CVE-2023-30628
GHSA-cw6r-6ccx-5hwx PYSEC-2023-273 |
| Summary | Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 7.9 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2023-30628 | ||
| 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 | https://github.com/kiwitcms/Kiwi/commit/834c86dfd1b2492ccad7ebbfd6304bfec895fed2 | |
| changelog.yml#L18 | https://github.com/kiwitcms/Kiwi/blob/37bfb87696093ce0393160e2725949185cc0651d/.github/workflows/changelog.yml#L18 | |
| e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 | https://github.com/kiwitcms/enterprise/commit/e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 | |
| GHSA-cw6r-6ccx-5hwx | https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-cw6r-6ccx-5hwx | |
| github-actions-untrusted-input | https://securitylab.github.com/research/github-actions-untrusted-input/ |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.94201 |
| EPSS Score | 0.12856 |
| Published At | June 11, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-11T17:20:11.366135+00:00 | Vulnrichment | Import | https://github.com/cisagov/vulnrichment/blob/develop/2023/30xxx/CVE-2023-30628.json | 38.6.0 |