PT-2023-8825 · Kiwi TCMS · Kiwi TCMS

Credit: Mnqazi +1 · Published 2023-07-05 · Updated 2023-08-13 · CVE-2023-36809

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the vulnerable software and affected versions: Kiwi TCMS versions prior to 12.5
Description: The issue concerns the upload of attachments to test plans and test cases in Kiwi TCMS. Earlier versions of Kiwi TCMS were changed to serve all uploaded files as plain text so that browsers would not execute potentially dangerous files. However, the previous Nginx configuration was incorrect: certain browsers, Firefox among them, could on some occasions ignore the Content-Type: text/plain header, so potentially dangerous scripts could still be executed. In addition, the file upload validators and parts of the HTML rendering code required further sanitization and improvement, and the tree view html() function needed to sanitize test plan names.
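The core of the issue above is that declaring text/plain alone does not stop a browser from sniffing a file body and rendering it as HTML or SVG. The following is an added example, not code from Kiwi TCMS or from this advisory: it audits the response headers an nginx "uploads" location returns for an attachment and reports anything that would let a browser render the file as active content. The header names and the three SAMPLE_* blocks are constructed for illustration and are not captured from a Kiwi TCMS instance; the checks (declared inert type, single Content-Type, X-Content-Type-Options: nosniff, Content-Disposition: attachment) are general hardening practice, not a description of the project's own configuration.

```python
"""
Added example (not Kiwi TCMS project code and not from this advisory): audit the
response headers an nginx "uploads" location returns for an attachment and
report anything that would let a browser render the file as HTML/SVG/script
instead of inert text. The SAMPLE_* header blocks below are constructed.
"""
from email.message import Message
from email.parser import HeaderParser

# Media types a browser renders actively (markup or script) rather than as text.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml",
    "application/xml", "text/javascript", "application/javascript",
}


def parse_headers(raw: str) -> Message:
    """Parse a raw HTTP response header block (status line optional)."""
    lines = raw.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]
    return HeaderParser().parsestr("\n".join(lines) + "\n")


def audit_upload_headers(raw: str) -> list[str]:
    """Return a list of findings; an empty list means the response is hardened."""
    msg = parse_headers(raw)
    findings = []

    ctypes = msg.get_all("Content-Type") or []
    if not ctypes:
        findings.append("no Content-Type: the browser will sniff the body")
    elif len(ctypes) > 1:
        # A header that was appended instead of replaced; browsers may honour either value.
        findings.append(f"{len(ctypes)} Content-Type headers present: {ctypes}")

    media = msg.get_content_type()  # first Content-Type, lower-cased, parameters stripped
    if media in ACTIVE_TYPES:
        findings.append(f"active media type {media}: uploaded markup/script will be rendered")

    if (msg.get("X-Content-Type-Options") or "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff: browser may sniff past text/plain")

    disposition = (msg.get("Content-Disposition") or "").split(";", 1)[0].strip().lower()
    if disposition != "attachment":
        findings.append("missing Content-Disposition: attachment: file is rendered inline, not downloaded")

    return findings


def is_hardened(raw: str) -> bool:
    """True when no finding is raised for the response."""
    return not audit_upload_headers(raw)


# Constructed: file declared as text/plain, but nothing stops the browser from sniffing.
SAMPLE_PLAIN_ONLY = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/plain
Content-Length: 96
"""

# Constructed: the type derived from the file extension survives next to an appended text/plain.
SAMPLE_DOUBLE_TYPE = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Type: text/plain
"""

# Constructed: inert type, sniffing disabled, and the browser is told to download rather than render.
SAMPLE_HARDENED = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Length: 96
"""

if __name__ == "__main__":
    for name, sample in [("plain-only", SAMPLE_PLAIN_ONLY),
                         ("double-type", SAMPLE_DOUBLE_TYPE),
                         ("hardened", SAMPLE_HARDENED)]:
        print(name, "OK" if is_hardened(sample) else audit_upload_headers(sample))
```

To use it against a live instance, paste the headers of a request for any uploaded attachment into a string and call audit_upload_headers on it; an empty list is the result to aim for. Content-Disposition: attachment is the strongest of the three signals, since a file the browser downloads is never interpreted as a document regardless of how it sniffs.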
Recommendations: Update to version 12.5, which ships an updated Nginx content type configuration, improved file upload validation code, and sanitization of the test plan names used by the tree view html() function. As a temporary workaround until the update is applied, restrict file uploads and access to potentially dangerous files. After updating, fetch an uploaded attachment and confirm that the response still declares text/plain and that the browser does not render it as a page.
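The workaround above (restrict uploads of potentially dangerous files) only helps if the restriction is judged by what the file contains, since a client can rename an SVG or HTML document to .txt. The following is an added example, not code from Kiwi TCMS or from this advisory: a server-side attachment validator that rejects files a browser would execute if it ever rendered them inline, based on the file's leading bytes as well as its extensions. The extension list, markup markers, size limit and sample payloads are constructed for illustration; it generalizes the page's point by also catching double extensions (logo.svg.txt), a UTF-8 BOM before the markup, and path separators in the filename.

```python
"""
Added example (not Kiwi TCMS project code and not from this advisory): a
content-based attachment validator that refuses files a browser would execute
if it rendered them inline, judged by the file's own bytes rather than by the
extension or the client-supplied type. Lists and sample payloads are constructed.
"""
import codecs
import re
from pathlib import PurePosixPath

# Extensions a browser maps to active content; every suffix is checked so "x.html.txt" is caught too.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".svgz", ".xml", ".js", ".mjs"}

# Markup that turns a file into a document the browser will script, anywhere in the sniff window.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|script|svg|iframe|object|embed|meta|link|\?xml)\b",
    re.IGNORECASE,
)
SNIFF_WINDOW = 1024  # bytes examined, after any UTF-8 BOM and leading whitespace


def looks_active(data: bytes) -> bool:
    """True if the leading bytes would be treated as HTML/SVG/XML by a sniffing browser."""
    if data.startswith(codecs.BOM_UTF8):
        data = data[len(codecs.BOM_UTF8):]
    return ACTIVE_MARKUP.search(data.lstrip()[:SNIFF_WINDOW]) is not None


def validate_attachment(filename: str, data: bytes, max_bytes: int = 5 * 1024 * 1024) -> list[str]:
    """Return reasons to reject the upload; an empty list means accept."""
    problems = []
    if "\x00" in filename or "/" in filename or "\\" in filename:
        problems.append("filename contains a path separator or NUL byte")
    active = {s.lower() for s in PurePosixPath(filename).suffixes} & ACTIVE_EXTENSIONS
    if active:
        problems.append(f"extension(s) {sorted(active)} map to browser-executable content")
    if len(data) > max_bytes:
        problems.append(f"size {len(data)} exceeds limit {max_bytes}")
    if looks_active(data):
        problems.append("content starts with HTML/SVG/XML markup regardless of extension")
    return problems


# Constructed sample payloads.
PLAIN_NOTES = b"Step 1: open the login page\nStep 2: enter credentials\n"
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # PNG signature followed by filler bytes
SVG_WITH_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
BOM_HTML = codecs.BOM_UTF8 + b"   \n<!DOCTYPE html><html><body>hi</body></html>"

if __name__ == "__main__":
    for name, payload in [("notes.txt", PLAIN_NOTES), ("shot.png", PNG_STUB),
                          ("logo.txt", SVG_WITH_SCRIPT), ("logo.svg.txt", SVG_WITH_SCRIPT),
                          ("page.txt", BOM_HTML), ("../notes.txt", PLAIN_NOTES)]:
        print(name, validate_attachment(name, payload) or "accept")
```

This complements rather than replaces the server-side headers: the sniff window only understands byte-oriented encodings, so a UTF-16 HTML document would pass looks_active, and a file accepted today may be re-interpreted by a future browser. Serving every attachment as an inert, non-sniffable download remains the control that holds regardless of what was uploaded.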

Exploit

Fix

Weakness Enumeration

Unrestricted File Upload
XSS

Related Identifiers

BDU:2024-02095
CVE-2023-36809
GHSA-JPGW-2R9M-8QFW

Affected Products

Kiwi TCMS