CVE-2023-50786 MEDIUM

Vendor: Dradisframework
Product: Dradis
Weakness: CWE-294
Published: July 5, 2025
Last update: July 7, 2025

CVSS base score

4.1/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Key dates

02 Disclosure timeline

July 5, 2025: CVE published
July 7, 2025: Record updated