Kiwi TCMS · CVE-2023-30544
**Name of the Vulnerable Software and Affected Versions**
Kiwi TCMS versions prior to 12.2
**Description**
Kiwi TCMS is an open source test management system. In versions prior to 12.2, users were able to update their email addresses via the `My profile` admin page without the ownership verification performed during account registration.
**Recommendations**
For Kiwi TCMS versions prior to 12.2, upgrade to v12.2 or later to receive a patch.
As a temporary workaround, consider restricting access to the `My profile` admin page until a patch is available.
No other workarounds exist.
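The missing control described above, shown as an added example: an unverified profile update next to a change flow that keeps the new address pending until a token mailed to it is confirmed. This is not Kiwi TCMS code and not the v12.2 patch; `Account`, `request_email_change`, `confirm_email_change`, the key and the addresses are hypothetical or constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # constructed; load from secret storage in practice
TOKEN_TTL = 3600                      # seconds a confirmation token stays valid


class Account:
    def __init__(self, user_id, email):
        self.user_id = user_id
        self.email = email         # verified address, used for login and recovery
        self.pending_email = None  # requested address, ownership not yet proven


def _sign(user_id, new_email, expires):
    # Bind the token to the account, the exact address and the expiry time.
    msg = f"{user_id}|{new_email.lower()}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def update_email_unverified(account, new_email):
    """Flawed pattern: the profile form writes the address directly."""
    account.email = new_email


def request_email_change(account, new_email, now=None):
    """Store the address as pending; return the token to mail to new_email."""
    now = int(time.time() if now is None else now)
    expires = now + TOKEN_TTL
    account.pending_email = new_email
    return f"{expires}.{_sign(account.user_id, new_email, expires)}"


def confirm_email_change(account, token, now=None):
    """Promote the pending address only for a valid, unexpired token."""
    now = int(time.time() if now is None else now)
    if account.pending_email is None:
        return False
    expires_str, _, sig = token.partition(".")
    if not expires_str.isdecimal() or int(expires_str) < now:
        return False
    expected = _sign(account.user_id, account.pending_email, int(expires_str))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    account.email, account.pending_email = account.pending_email, None
    return True
```

In the verified flow the token is delivered only to the new mailbox, so the stored address changes only after someone with access to that mailbox presents it.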