CVE-2023-25171 - Vulnerability Details - OpenCVE

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Kiwitcms	Kiwi Tcms

Configuration 1 [-]

cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3
https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf
https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e
https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/

History

Mon, 10 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-15T00:00:00.000Z

Updated: 2025-03-10T21:11:05.640Z

Reserved: 2023-02-03T00:00:00.000Z

Link: CVE-2023-25171

Vulnrichment

Updated: 2024-08-02T11:18:36.151Z

NVD

Status : Modified

Published: 2023-02-15T15:15:11.653

Modified: 2024-11-21T07:49:14.837

Link: CVE-2023-25171

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25171", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-03-10T21:11:05.640Z", "dateReserved": "2023-02-03T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"title": "Kiwi TCMS has denial of service vulnerability on Password reset page", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible."}], "affected": [{"vendor": "kiwitcms", "product": "kiwi", "versions": [{"version": "12.0", "status": "affected", "lessThan": "12.0", "versionType": "custom"}]}], "references": [{"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"}, {"url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e"}, {"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"}, {"url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "GHSA-7j9h-3jxf-3vrf", "defect": ["GHSA-7j9h-3jxf-3vrf"], "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.151Z"}, "title": "CVE Program Container", "references": [{"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/", "tags": ["x_transferred"]}, {"url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e", "tags": ["x_transferred"]}, {"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf", "tags": ["x_transferred"]}, {"url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T20:58:32.044199Z", "id": "CVE-2023-25171", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:11:05.640Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25171", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-03-10T21:11:05.640Z", "dateReserved": "2023-02-03T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"title": "Kiwi TCMS has denial of service vulnerability on Password reset page", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible."}], "affected": [{"vendor": "kiwitcms", "product": "kiwi", "versions": [{"version": "12.0", "status": "affected", "lessThan": "12.0", "versionType": "custom"}]}], "references": [{"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"}, {"url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e"}, {"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"}, {"url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "GHSA-7j9h-3jxf-3vrf", "defect": ["GHSA-7j9h-3jxf-3vrf"], "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.151Z"}, "title": "CVE Program Container", "references": [{"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/", "tags": ["x_transferred"]}, {"url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e", "tags": ["x_transferred"]}, {"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf", "tags": ["x_transferred"]}, {"url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25171", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T20:58:32.044199Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T20:58:33.821Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kiwitcms:kiwi_tcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9830382-D694-402E-98CE-29217187D623", "versionEndExcluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible."}], "id": "CVE-2023-25171", "lastModified": "2024-11-21T07:49:14.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T15:15:11.653", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required"], "url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}