This advisory describes an identified vulnerability in the Dradis Pro application Version 3.4.1. One medium-risk vulnerability was identified within the application.
The API of Dradis Pro does not properly apply authorization control to project endpoints, which allows any user to access the content of a project, including the vulnerability description. This exposes sensitive information to users who are not part of the project team.
|Dradis||Dradis Pro application||3.4.1|
Dradis Pro is a collaborative reporting application. The project’s official website is https://dradisframework.com. The latest version of the application is 3.5.0.
One vulnerability was identified within the Dradis Pro application:
Update to version 3.5.0
- Bastian Faure, Security Associate, Bishop Fox - email@example.com
- Florian Nivette, Managing Security Associate, Bishop Fox - firstname.lastname@example.org
- Initial Discovery: 12/03/2019
- Contact with vendor: 12/04/2019
- Vendor released patched version 3.5.0: 12/19/2019
INSECURE DIRECT OBJECT REFERENCE
The Dradis Pro application was affected by one insecure direct object reference vulnerability (IDOR). These vulnerabilities allowed any user to extract project content through the API to and disclose sensitive information about vulnerabilities affecting Dradis clients.
The vulnerability was located on the
<span style="font-size:16px;background-color:#c2d6f2;"><code><span style="font-size:16px;">/prop/api/issues/</span></code></span> endpoint. This attack can be demonstrated with the following payload:
GET /pro/api/issues/ HTTP/1.1 Host: dradis.pro.domain Connection: close Accept-Encoding: gzip, deflate Accept: */* Dradis-Project-Id: <strong><span style="color:#c2282e;">[PROJECT ID]</span></strong> Authorization: Token token="<strong>[REDACTED]</strong>"
FIGURE 1 - Payload used to access project content
This could lead to leaking sensitive information related to clients.
You might be interested in these related posts.