Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Dradis

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2023-50458
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 00:00
Updated-10 Jul, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.

Action-Not Available
Vendor-dradisframework
Product-Dradis
CWE ID-CWE-1230
Exposure of Sensitive Information Through Metadata
CVE-2023-50786
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 14.32%
||
7 Day CHG~0.00%
Published-05 Jul, 2025 | 00:00
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Action-Not Available
Vendor-dradisframework
Product-Dradis
CWE ID-CWE-294
Authentication Bypass by Capture-replay