发布时间: 2023年5月5日
修改时间: 2023年5月5日
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 4.3 | 4.3 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | Low | Low |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1320 | Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist. | 2023年5月5日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | kiwi | Unaffected |
| KY3.4-5A | kiwi | Unaffected |
| KY3.5.1 | kiwi | Unaffected |
| KY3.5.2 | kiwi | Unaffected |
