Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| kiwitcms(PyPI) | 0 | 12.0 | N/A |
CVSS Metrics
