Security Reports
This page lists all security vulnerabilities fixed in released versions of Dradis. Each vulnerability is given a security impact rating by the Dradis core team; note that this rating may vary from platform to platform. We also list the versions of Dradis the flaw is known to affect; where a version has not been verified, it is listed with a question mark.
Please send comments or corrections about these vulnerabilities to: dradis[ {at} ]nomejortu{ [dot] }com.
Fixed in dradis 2.5.2
high: Unauthenticated reflected cross-site scripting
Insufficient output encoding meant that arbitrary JavaScript could be executed in the browser of anyone viewing the page if a specially crafted file was uploaded by an authenticated user.
Affects: 2.5.1, 2.5.0 and possibly older versions of Dradis.
Credit: Props go to Russ McRee for identifying this issue.
CVE not assigned yet
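The root cause above is a classic one: a user-controlled value (here a file name) is written into HTML without encoding. The following is an added example in plain Ruby, not Dradis code and not the patched view; it shows the vulnerable pattern beside the hardened one using the standard library's ERB and CGI.escapeHTML. The template markup and the attacker-controlled file name are constructed for illustration.

```ruby
require "erb"
require "cgi"

# Constructed attacker-controlled file name (illustrative, not from the advisory).
# It closes the href attribute and injects a script element.
EVIL_NAME = %q{report.pdf"><script>alert(document.cookie)</script>}

# Vulnerable pattern: the raw file name is interpolated straight into the markup.
# Rails 2-era ERB did not escape <%= %> automatically, so this is exactly what
# a view that forgot to call h() would emit.
def render_unescaped(name)
  ERB.new(%q{<a href="/attachments/<%= name %>"><%= name %></a>}).result(binding)
end

# Hardened pattern: HTML-encode every user-controlled value before it reaches
# the template. CGI.escapeHTML turns < > & " ' into entities, so the browser
# renders the name as text instead of parsing it as markup.
def render_escaped(name)
  safe = CGI.escapeHTML(name)
  ERB.new(%q{<a href="/attachments/<%= safe %>"><%= safe %></a>}).result(binding)
end

# Simple check a test suite can apply to rendered output: a literal <script>
# element must never appear where only a file name was expected.
def contains_script_tag?(html)
  html.include?("<script>")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{render_unescaped(EVIL_NAME)}"
  puts "hardened:   #{render_escaped(EVIL_NAME)}"
end
```

HTML entity encoding is the right fix for the text node and for a quoted attribute value; a value that lands inside a URL, a JavaScript block or a CSS context needs encoding for that context as well. Rails 3 and later escape `<%= %>` by default, which removes the "forgot to call h()" failure mode that the Rails 2 code base was exposed to.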
Fixed in dradis 2.0.1
high: Missing authentication
The authentication filter was missing from two components of the server module (notes and configuration), so those components could be reached without logging in.
This was fixed in revision 598.
Affects: 2.0.0
CVE-2009-0670 (candidate)
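A missing authentication filter is usually the result of each controller having to opt in to the check individually, so one controller is forgotten. The following is an added example, not Dradis's code and not the revision 598 fix: a plain-Ruby stand-in for Rails' before_filter mechanism that reproduces the bug class (two controllers, one without the filter), shows the structural fix (declare the filter once on a shared base controller so every subclass inherits it), and includes the audit a practitioner would run to list controllers that do not enforce authentication. Controller and action names are invented for the example.

```ruby
# Simplified stand-in for Rails' controller filter chain (added example).
class BaseController
  def self.filters
    @filters ||= []
  end

  # Subclasses start with a copy of the parent's filters, mirroring how
  # Rails inherits before_filter declarations.
  def self.inherited(sub)
    super
    sub.filters.concat(filters)
  end

  def self.before_filter(name)
    filters << name
  end

  def initialize(session)
    @session = session
  end

  # Filters run before the action; a filter returning false halts the request.
  def dispatch(action)
    self.class.filters.each do |f|
      return :denied unless send(f)
    end
    send(action)
  end

  def login_required
    !@session[:user_id].nil?
  end
end

# The bug class: every controller must remember to add the filter itself.
class NotesController < BaseController
  before_filter :login_required
  def index; :notes_listed; end
end

class ConfigurationController < BaseController
  # before_filter :login_required   <- forgotten, so show is reachable anonymously
  def show; :config_shown; end
end

# The structural fix: declare the filter once on a base class and derive
# every authenticated controller from it.
class AuthenticatedController < BaseController
  before_filter :login_required
end

class FixedConfigurationController < AuthenticatedController
  def show; :config_shown; end
end

# Audit: names of every controller below `base` that does not run the
# authentication filter. Suitable as a test that fails when a new controller
# forgets the filter.
def controllers_missing_auth(base = BaseController)
  ObjectSpace.each_object(Class)
             .select { |c| c < base && !c.filters.include?(:login_required) }
             .map(&:name).compact.sort
end

if __FILE__ == $PROGRAM_NAME
  puts "anonymous show on ConfigurationController: #{ConfigurationController.new({}).dispatch(:show)}"
  puts "controllers missing auth: #{controllers_missing_auth.inspect}"
end
```

In a real Rails application the same audit is done by asserting in the test suite that every controller class inherits from the authenticated base, or by an integration test that requests each route without a session and expects a redirect to the login page.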