exploitDog

CVE-2023-50786

Опубликовано: 05 июл. 2025

Источник: nvd

CVSS3: 4.1

CVSS3: 4.3

EPSS Низкий

Описание

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Ссылки

https://dradis.com/
Product
https://dradis.com/ce
Product
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/
Third Party Advisory
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dradisframework:dradis:*:*:*:*:community:*:*:*

Версия до 4.16.0 (включая)

EPSS

Процентиль: 11%

0.00037

Низкий

4.1 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-294

Связанные уязвимости

GHSA-2chh-r2hc-8q2g

CVSS3: 4.1

github

7 месяцев назад

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

EPSS

Процентиль: 11%

0.00037

Низкий

4.1 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-294