Dradis
cpe:2.3:a:dradisframework:dradis:*:*:*:*:*:*:*
- < 4.11.0
A vulnerability allowing information disclosure has been identified in Dradis versions prior to 4.11.0. This issue affects both the Dradis Pro and Dradis Community editions. The vulnerability arises in the Output Console, which displays a job queue that may contain information about other users' jobs. When files are uploaded, they are queued before processing, and the console can inadvertently reveal details about jobs from other projects. This could expose sensitive information that should remain confidential. The vulnerability can be exploited by uploading a specially crafted file that delays processing, allowing interception of sensitive data from the console.
Exploitation of this vulnerability could lead to unauthorized access to sensitive information from other users' jobs, potentially including confidential data related to penetration testing activities.
Users can upgrade to Dradis version 4.11.0 or later to address this vulnerability.
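A simplified model of the pattern described above, a console that renders a shared upload queue, next to a project-scoped version. This is an added example, not Dradis code or the 4.11.0 fix; `JobQueue`, `console_unscoped`, `console_scoped`, `MEMBERSHIPS` and the sample data are hypothetical and constructed for illustration.

```ruby
# Simplified model of a shared upload-job console. All names here are
# hypothetical; none are Dradis identifiers.
Job = Struct.new(:id, :project_id, :user, :filename, :log, keyword_init: true)

class JobQueue
  def initialize
    @jobs = []
  end

  # Uploads are queued before processing, as the advisory describes.
  def enqueue(project_id:, user:, filename:)
    job = Job.new(id: @jobs.size + 1, project_id: project_id, user: user,
                  filename: filename, log: ["queued #{filename}"])
    @jobs << job
    job
  end

  # Weak pattern: the console renders the whole queue, so a user watching
  # their own job also sees entries that belong to other projects.
  def console_unscoped(_viewer, _project_id)
    @jobs.flat_map { |j| j.log.map { |line| "[#{j.project_id}] #{line}" } }
  end

  # Scoped pattern: return only jobs in the requested project, and only when
  # the viewer is a member of it. Unknown viewers or projects yield nothing.
  def console_scoped(viewer, project_id, memberships)
    return [] unless memberships.fetch(viewer, []).include?(project_id)

    @jobs.select { |j| j.project_id == project_id }
         .flat_map { |j| j.log.map { |line| "[#{j.project_id}] #{line}" } }
  end
end

# Constructed sample data: two testers on two separate engagements.
MEMBERSHIPS = { 'alice' => [1], 'bob' => [2] }.freeze

def demo
  q = JobQueue.new
  q.enqueue(project_id: 1, user: 'alice', filename: 'scan-a.xml')
  q.enqueue(project_id: 2, user: 'bob', filename: 'client-b-findings.xml')
  { unscoped: q.console_unscoped('alice', 1),
    scoped: q.console_scoped('alice', 1, MEMBERSHIPS),
    foreign: q.console_scoped('alice', 2, MEMBERSHIPS) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The authorization check sits in the read path, so the result is the same however long a job stays queued.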