CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://dradis.com/	Product
https://dradis.com/ce	Product
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/	Third Party Advisory
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dradisframework:dradis:*:*:*:*:community:*:*:*

History

07 Nov 2025, 01:11

Type	Values Removed	Values Added
First Time		Dradisframework Dradisframework dradis
CPE		cpe:2.3:a:dradisframework:dradis:::::community:::*
References	~~() https://dradis.com/ -~~	() https://dradis.com/ - Product
References	~~() https://dradis.com/ce -~~	() https://dradis.com/ce - Product
References	~~() https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/ -~~	() https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/ - Third Party Advisory

Information

Published : 2025-07-05 04:15

Updated : 2025-11-07 01:11

NVD link : CVE-2023-50786

Mitre link : CVE-2023-50786

CVE.ORG link : CVE-2023-50786

JSON object : View

Products Affected

dradisframework

dradis

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2023-50786", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-05T04:15:24.373", "references": [{"url": "https://dradis.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://dradis.com/ce", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/", "tags": ["Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network."}, {"lang": "es", "value": "Dradis, hasta la versi\u00f3n 4.16.0, permite referenciar im\u00e1genes externas (recursos) mediante HTTPS, en lugar de forzar el uso de im\u00e1genes incrustadas (subidas). Esto puede ser aprovechado por un autor autorizado para intentar robar los hashes Net-NTLM de otros autores en una red de dominio Windows."}], "lastModified": "2025-11-07T01:11:54.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "1246DF61-AC23-46E3-8079-4F9199D6A062", "versionEndIncluding": "4.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}