CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://dradis.com/	Product
https://dradis.com/ce	Product
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/	Third Party Advisory
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dradisframework:dradis:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2025-07-05 04:15

Updated : 2025-11-07 01:11

NVD link : CVE-2023-50786

Mitre link : CVE-2023-50786

CVE.ORG link : CVE-2023-50786

JSON object : View

Products Affected

dradisframework

dradis

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2023-50786", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-05T04:15:24.373", "references": [{"url": "https://dradis.com/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://dradis.com/ce", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/", "tags": ["Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network."}, {"lang": "es", "value": "Dradis, hasta la versi\u00f3n 4.16.0, permite referenciar im\u00e1genes externas (recursos) mediante HTTPS, en lugar de forzar el uso de im\u00e1genes incrustadas (subidas). Esto puede ser aprovechado por un autor autorizado para intentar robar los hashes Net-NTLM de otros autores en una red de dominio Windows."}], "lastModified": "2025-11-07T01:11:54.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "1246DF61-AC23-46E3-8079-4F9199D6A062", "versionEndIncluding": "4.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}