CVE-2023-50786

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50786

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50786.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50786

Published

2025-07-05T04:15:24.373Z

Modified

2026-03-14T12:16:38.376019Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

References

Affected packages

Git / github.com/dradis/dradis-ce

Affected ranges

Type

GIT

Repo

https://github.com/dradis/dradis-ce

Events

Introduced

Last affected

d35d044d9b2cf5baeaecdbfd409d5793f1f6d9e4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.16.0"
        }
    ]
}

Affected versions

v3.*

v3.1.0.rc2

v3.10.0

v3.11.0

v3.11.1

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.17.1

v3.18.0

v3.19.0

v3.20.0

v3.21.0

v3.22.0

v3.6.0

v3.9.0

v4.*

v4.0.0

v4.1.0

v4.1.2

v4.10.0

v4.11.0

v4.12.0

v4.13.0

v4.14.0

v4.15.0

v4.16.0

v4.2.0

v4.2.1

v4.3.0

v4.4.0

v4.5.0

v4.6.0

v4.7.0

v4.8.0

v4.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50786.json"