CVE-2023-50786

Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
mitreCNA
4.1 MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://dradis.com/
https://dradis.com/ce
https://securiteam.io/2025/07/04/cve-2023-50786-dradis-ntlm-theft-vulnerability/