PT-2020-10302 · Dradis · Dradis Pro

Bastian Faure

Published

2020-03-16

Updated

2021-07-21

CVE-2019-19946

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dradis Pro version 3.4.1

Description The issue allows any user to extract the content of a project, even if the user is not part of the project team, through the API.

Recommendations For Dradis Pro version 3.4.1, consider restricting access to the API to prevent unauthorized project content extraction until a patch is available.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2019-19946

Affected Products

Dradis Pro

PT-2020-10302 · Dradis · Dradis Pro

CVE-2019-19946

Weakness Enumeration

Related Identifiers

Affected Products

References · 5