Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Published

2025-07-05T04:15:24.373

Last Modified

2025-11-07T01:11:54.913

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-294

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dradisframework	dradis	≤ 4.16.0	Yes

References

https://dradis.com/ Product ([email protected])
https://dradis.com/ce Product ([email protected])
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/ Third Party Advisory ([email protected])
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/ Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)