CVE-2023-31223
📋 TL;DR
Dradis versions before 4.8.0 contain a persistent cross-site scripting (XSS) vulnerability in avatar handling that allows authenticated author users to inject malicious scripts. When exploited, these scripts execute in the browsers of other users viewing the compromised content. This affects all Dradis deployments with author users who can upload or modify avatars.
💻 Affected Systems
- Dradis Community Edition
- Dradis Professional
📦 What is this software?
Dradis by Dradisframework
⚠️ Risk & Real-World Impact
Worst Case
An attacker with author privileges could steal session cookies, perform actions as other users, deface the application, or redirect users to malicious sites, potentially leading to full account compromise and data theft.
Likely Case
Authenticated attackers could perform session hijacking, modify content viewed by other users, or conduct phishing attacks within the application context.
If Mitigated
With proper input validation and output encoding, the risk is reduced to minimal, but the underlying vulnerability remains in unpatched versions.
🎯 Exploit Status
Exploitation requires authenticated author access; the vulnerability is in avatar handling where malicious scripts can be injected and persist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.8.0
Vendor Advisory: https://dradisframework.com/ce/security_reports.html#fixed-4.8.0
Restart Required: Yes
Instructions:
1. Backup your Dradis database and configuration.
2. Update Dradis to version 4.8.0 or later using your package manager or manual installation.
3. Restart the Dradis service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Author Privileges
Temporarily limit author user permissions or disable avatar uploads until patching is complete.
# Modify Dradis configuration to restrict avatar uploads or author privileges
🧯 If You Can't Patch
- Implement strict input validation and output encoding for avatar fields in the application code.
- Use web application firewalls (WAF) to filter XSS payloads and monitor for suspicious avatar uploads.
🔍 How to Verify
Check if Vulnerable:
Check the Dradis version; if it's below 4.8.0, it is vulnerable. Review user roles to confirm if author users exist.
Check Version:
dradis --version or check the web interface footer for version information
Verify Fix Applied:
After updating, confirm the version is 4.8.0 or higher and test avatar uploads with XSS payloads to ensure they are sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual avatar uploads with script-like content
- Multiple failed login attempts followed by author user activity
Network Indicators:
- HTTP requests containing XSS payloads in avatar parameters
- Unexpected outbound connections from Dradis server
SIEM Query:
source="dradis_logs" AND (avatar_upload OR user_role="author") AND (script OR javascript OR <script>)
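As an added example (not from the advisory, the Dradis project, or any real SIEM), the log indicators above turned into a small Ruby check that scans Rails-style request log lines for script-like content in an avatar parameter. The log lines are constructed here, and the `avatar` parameter name and log layout are assumptions; the check also URL-decodes the value so a double-encoded payload is not missed.

```ruby
require 'cgi'

# Constructed Rails-style request log lines (not real Dradis output).
SAMPLE_LOG = <<~'LOG'
  Started PATCH "/users/7" for 10.0.0.5 at 2023-05-02 09:14:01 +0000
    Parameters: {"user"=>{"avatar"=>"photo.png"}, "id"=>"7"}
  Started PATCH "/users/7" for 10.0.0.9 at 2023-05-02 09:15:43 +0000
    Parameters: {"user"=>{"avatar"=>"x\" onerror=\"alert(1)"}, "id"=>"7"}
  Started PATCH "/users/7" for 10.0.0.9 at 2023-05-02 09:16:10 +0000
    Parameters: {"user"=>{"avatar"=>"%3Cscript%3Ealert(1)%3C/script%3E"}, "id"=>"7"}
LOG

# Script-like content that should never appear in an avatar field.
SCRIPT_PATTERNS = [
  [/<\s*script/i,                     'script tag'],
  [/javascript\s*:/i,                 'javascript: URI'],
  [/\bon\w+\s*=/i,                    'inline event handler'],
  [/<\s*(svg|img|iframe|object)\b/i,  'active HTML element'],
].freeze

# Extracts the value logged for the (assumed) "avatar" parameter, honouring
# backslash-escaped quotes inside the inspected hash.
AVATAR_PARAM = /"avatar"=>"((?:[^"\\]|\\.)*)"/

# Returns one hit per log line whose avatar parameter looks script-like:
# { line: <1-based line number>, value: <decoded value>, reasons: [...] }
def suspicious_avatar_params(log_text)
  hits = []
  log_text.each_line.with_index(1) do |line, lineno|
    next unless line.include?('Parameters:')
    m = AVATAR_PARAM.match(line) or next
    # Undo the escaped quotes from the log and URL-decode once, so that a
    # value submitted double-encoded still reaches the patterns in clear.
    value = CGI.unescape(m[1].gsub('\\"', '"'))
    reasons = SCRIPT_PATTERNS.select { |re, _| value.match?(re) }.map(&:last)
    hits << { line: lineno, value: value, reasons: reasons } unless reasons.empty?
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  suspicious_avatar_params(SAMPLE_LOG).each do |h|
    puts "line #{h[:line]}: #{h[:reasons].join(', ')} -> #{h[:value].inspect}"
  end
end
```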
🔗 References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-31223
- https://dradisframework.com/ce/security_reports.html#fixed-4.8.0
- https://excellium-services.com/cert-xlm-advisory/cve-2023-31223/