Nextcloud · Nextcloud Cookbook · CVE-2023-31128
**Name of the Vulnerable Software and Affected Versions**
NextCloud Cookbook versions prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch
**Description**
The issue is a command injection vulnerability caused by the use of the untrusted `github.head_ref` context value inside the `pull-checks.yml` workflow. Because `github.head_ref` is the name of the pull request's source branch, an attacker can control it and inject shell commands by choosing a value such as `zzz";echo${IFS}"hello";#`. Since the workflow runs with unrestricted permissions, the injected commands give the attacker write access to the repository. The vulnerability affects the main repository and any forks of it that carry the same workflow; there is no risk to users of the app within the NextCloud server.
**Recommendations**
To resolve the issue, ensure that your fork of the NextCloud Cookbook repository is updated to the latest version, at least commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch. As a temporary workaround, consider restricting access to the `pull-checks.yml` workflow until the update is applied.
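The following is an added illustration of the pattern described above, not the project's actual `pull-checks.yml`: the job and step layout, the `HEAD_REF` variable name and the `echo` step are assumed. The first document shows the vulnerable shape (a `${{ }}` expression expanded directly into a `run:` script), the second the hardened shape, which passes the value through `env:` so the shell treats it as data, and restricts the job token with a `permissions:` block so that a compromised step cannot push to the repository. The hardened form applies equally to other attacker-controlled context values such as pull request titles, bodies and commit messages.

```yaml
# Added example, not the project's workflow. Job/step names and HEAD_REF are assumed.

# --- Vulnerable pattern ---
# GitHub expands ${{ github.head_ref }} into the script text *before* the shell
# runs it. A branch name containing a double quote ends the string, and whatever
# follows is executed as further shell commands.
name: pull-checks (vulnerable pattern)
on:
  pull_request:

jobs:
  checks:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking branch ${{ github.head_ref }}"

---
# --- Hardened pattern ---
name: pull-checks (hardened pattern)
on:
  pull_request:

# Least privilege for the job token: read-only scopes. Even if a step is
# compromised, the token cannot write to the repository.
permissions:
  contents: read
  pull-requests: read

jobs:
  checks:
    runs-on: ubuntu-latest
    steps:
      - env:
          # The untrusted value is handed to the step as an environment variable,
          # so the shell receives it as data, never as part of the script source.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "Checking branch $HEAD_REF"
```

When reviewing a workflow for this class of bug, search for `${{ github.` and `${{ github.event.` occurrences inside `run:` blocks; any that refer to pull-request-controlled data (`head_ref`, `pull_request.title`, `pull_request.body`, commit messages) should be moved into `env:` and referenced as quoted shell variables, and the workflow should declare an explicit, minimal `permissions:` block.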