Dradis Pro Version 3.4.1

by Florian Nivette, on Dec 30, 2019 10:25:01 AM

ADVISORY SUMMARY

This advisory describes an identified vulnerability in the Dradis Pro application Version 3.4.1. One medium-risk vulnerability was identified within the application.

Impact

The API of Dradis Pro does not properly apply authorization control to project endpoints, which allows any user to access the content of a project, including the vulnerability description. This exposes sensitive information to users who are not part of the project team.

Risk Level

Medium

Affected Vendor

Product Vendor    Product Name              Affected Version
Dradis            Dradis Pro application    3.4.1

Product Description

Dradis Pro is a collaborative reporting application. The project’s official website is https://dradisframework.com. The latest version of the application is 3.5.0.

Vulnerabilities List:

One vulnerability was identified within the Dradis Pro application:

Solution

Update to version 3.5.0
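The underlying fix is an authorization check, not a change to authentication: the API token identifies the caller, but the project named in the Dradis-Project-Id header must also be resolved within the set of projects that caller belongs to. The following Ruby model (Dradis is a Rails application) is an added example and not Dradis's own code; the classes, method names and sample users and projects are all constructed. It places a lookup that trusts the header outright beside one scoped to the caller's memberships.

```ruby
# Added example (not Dradis code): minimal model of an API project scope.
# It contrasts a lookup that trusts the Dradis-Project-Id header outright with
# one that scopes the lookup to the projects the authenticated user belongs to.
# All names (User, Project, ProjectApi, ...) and sample data are constructed.

require 'set'

User = Struct.new(:id, :name, :token)
Project = Struct.new(:id, :name, :member_ids, :issues)

class AuthorizationError < StandardError; end
class NotFoundError < StandardError; end

class ProjectApi
  def initialize(users, projects)
    @users_by_token = users.each_with_object({}) { |u, h| h[u.token] = u }
    @projects_by_id = projects.each_with_object({}) { |p, h| h[p.id] = p }
  end

  # Token auth only answers "who is calling?", not "what may they see?".
  def authenticate(headers)
    m = headers['Authorization'].to_s.match(/\AToken token="([^"]+)"\z/)
    user = m && @users_by_token[m[1]]
    raise AuthorizationError, 'invalid token' unless user
    user
  end

  # Vulnerable pattern: any valid token plus a guessable project id reads the issues.
  def issues_vulnerable(headers)
    authenticate(headers)
    project = @projects_by_id[headers['Dradis-Project-Id'].to_i]
    raise NotFoundError, 'no such project' unless project
    project.issues
  end

  # Hardened pattern: resolve the project only within the caller's own projects.
  # A project outside that set is indistinguishable from one that does not exist,
  # so the response does not confirm valid ids to non-members either.
  def issues_scoped(headers)
    user = authenticate(headers)
    project = @projects_by_id[headers['Dradis-Project-Id'].to_i]
    raise NotFoundError, 'no such project' unless project && project.member_ids.include?(user.id)
    project.issues
  end
end

# Constructed sample data: two users, each a member of exactly one project.
ALICE = User.new(1, 'alice', 'tok-alice')
BOB   = User.new(2, 'bob',   'tok-bob')
PROJECTS = [
  Project.new(10, 'client-a', Set[1], ['SQLi in login form']),
  Project.new(11, 'client-b', Set[2], ['Weak TLS configuration']),
]
API = ProjectApi.new([ALICE, BOB], PROJECTS)

# Builds the two headers from the advisory's request for a given user and project id.
def request_as(user, project_id)
  { 'Authorization' => %(Token token="#{user.token}"), 'Dradis-Project-Id' => project_id.to_s }
end

if __FILE__ == $PROGRAM_NAME
  # Bob reading Alice's project: leaks under the vulnerable lookup, 404s under the scoped one.
  puts API.issues_vulnerable(request_as(BOB, 10)).inspect
  begin
    API.issues_scoped(request_as(BOB, 10))
  rescue NotFoundError => e
    puts "scoped lookup: #{e.message}"
  end
end
```

In a real Rails controller the scoped lookup is the idiom of loading through the association (for example `current_user.projects.find(...)`) in a before-action, so that every project endpoint inherits the check rather than each action repeating it.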

Credits

Timeline

  1. Initial Discovery: 12/03/2019
  2. Contact with vendor: 12/04/2019
  3. Vendor released patched version 3.5.0: 12/19/2019

VULNERABILITY

INSECURE DIRECT OBJECT REFERENCE

CVE ID            Security Risk    Impact                    Access Vector
CVE-2019-19946    Medium           Information Disclosure    Remote

The Dradis Pro application was affected by one insecure direct object reference (IDOR) vulnerability. It allowed any user to extract project content through the API and disclose sensitive information about vulnerabilities affecting Dradis clients.

The vulnerability was located on the /pro/api/issues/ endpoint. This attack can be demonstrated with the following payload:

    GET /pro/api/issues/ HTTP/1.1
    Host: dradis.pro.domain
    Connection: close
    Accept-Encoding: gzip, deflate
    Accept: */*
    Dradis-Project-Id: [PROJECT ID]
    Authorization: Token token="[REDACTED]"

FIGURE 1 - Payload used to access project content

This could lead to leaking sensitive information related to clients.
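Because the request above is a normal, authenticated API call, the only trace an abuse of it leaves is one token reading many distinct project ids in quick succession. The following Ruby script is an added example, not part of the advisory or of Dradis: it parses constructed access-log lines (the log format, field names and sample values are assumptions; adapt the regex to your own proxy or application log) and flags any token whose reads span an unusual number of projects inside a sliding window. Tokens are assumed to be logged as a hash or short identifier, never in the clear.

```ruby
# Added example (not from the advisory or Dradis): flag API tokens that read an
# unusually large number of distinct projects within a short window, the access
# pattern an IDOR sweep of the issues endpoint would leave in web-server logs.
# The log format and sample lines below are constructed.

require 'time'

LOG_LINE = /\A(?<ts>\S+) (?<ip>\S+) (?<method>[A-Z]+) (?<path>\S+) (?<status>\d{3}) token=(?<tok>\S+) project=(?<pid>\d+)\z/

# Constructed sample lines: token abc12 touches five projects in under two
# minutes, token def34 stays within its single project.
SAMPLE_LOG = <<~LOG
  2019-12-03T10:00:01Z 203.0.113.5 GET /pro/api/issues/ 200 token=abc12 project=101
  2019-12-03T10:00:04Z 203.0.113.5 GET /pro/api/issues/ 200 token=abc12 project=102
  2019-12-03T10:00:07Z 203.0.113.5 GET /pro/api/issues/ 200 token=abc12 project=103
  2019-12-03T10:00:09Z 198.51.100.7 GET /pro/api/issues/ 200 token=def34 project=101
  2019-12-03T10:00:12Z 203.0.113.5 GET /pro/api/issues/ 200 token=abc12 project=104
  2019-12-03T10:01:30Z 203.0.113.5 GET /pro/api/issues/ 200 token=abc12 project=105
  2019-12-03T10:05:00Z 198.51.100.7 GET /pro/api/issues/ 200 token=def34 project=101
LOG

Event = Struct.new(:ts, :token, :project)

# Keeps only successful reads of the API; lines that do not match the format are skipped.
def parse_log(text)
  text.each_line.filter_map do |line|
    m = LOG_LINE.match(line.strip) or next
    next unless m[:path].start_with?('/pro/api/') && m[:status] == '200'
    Event.new(Time.iso8601(m[:ts]), m[:tok], m[:pid].to_i)
  end
end

# Sliding window per token: alert when the distinct project ids read within
# `window` seconds reach `threshold`. Returns {token => [first_ts, ids]}.
def project_sweeps(events, threshold: 3, window: 300)
  alerts = {}
  events.group_by(&:token).each do |token, evs|
    evs = evs.sort_by(&:ts)
    evs.each_index do |i|
      in_window = evs[i..].take_while { |e| e.ts - evs[i].ts <= window }
      ids = in_window.map(&:project).uniq
      if ids.size >= threshold
        alerts[token] = [evs[i].ts, ids]
        break
      end
    end
  end
  alerts
end

if __FILE__ == $PROGRAM_NAME
  project_sweeps(parse_log(SAMPLE_LOG)).each do |token, (ts, ids)|
    puts "#{ts.iso8601} token=#{token} read #{ids.size} projects: #{ids.join(',')}"
  end
end
```

Tune the threshold to the largest number of projects a legitimate integration touches; a reporting tool that legitimately iterates every project it is a member of will trip a low threshold, so the alert is a prompt to compare the ids read against that token's memberships, not a verdict on its own.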

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly.