CVE-2023-50786

Name of the Vulnerable Software and Affected Versions: Dradis versions through 4.16.0

Description: Dradis allows referencing external images over HTTPS instead of requiring the use of embedded images. This can be exploited by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.

Recommendations: Dradis versions prior to 4.16.0: Ensure that only embedded (uploaded) images are used, and external HTTPS image references are disabled.