← Voltar para CVEs

CVE-2023-50786

MEDIUM

4.1

Descricao

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Detalhes CVE

Pontuacao CVSS v3.14.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado7/5/2025

Ultima modificacao11/7/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

dradisframework:dradis

Fraquezas (CWE)

CWE-294

Referencias

https://dradis.com/(cve@mitre.org)

https://dradis.com/ce(cve@mitre.org)

https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/(cve@mitre.org)

https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.