CVE-2019-19946 - Authorization Bypass Through User-Controlled Key vulnerability in Dradisframework Dradis 3.4.1

CVSS: 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, dradisframework, CWE-639

Summary

The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.

Vulnerable Configurations

Part         Description      Count
Application  Dradisframework  1