OpenCVE

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Drupal	Drupal

Configuration 1 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

No data.

References

Link	Providers
https://www.drupal.org/sa-core-2023-006

History

Mon, 23 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2023-09-28T18:17:43.128Z

Updated: 2024-09-23T18:25:29.327Z

Reserved: 2023-09-28T18:13:12.881Z

Link: CVE-2023-5256

Vulnrichment

Updated: 2024-08-02T07:52:08.530Z

NVD

Status : Modified

Published: 2023-09-28T19:15:10.977

Modified: 2024-11-21T08:41:23.240

Link: CVE-2023-5256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5256", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2023-09-28T18:13:12.881Z", "datePublished": "2023-09-28T18:17:43.128Z", "dateUpdated": "2024-09-23T18:25:29.327Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Core", "vendor": "Drupal", "versions": [{"lessThanOrEqual": "10.1.4", "status": "affected", "version": "10.1", "versionType": "semver"}, {"lessThanOrEqual": "10.0.11", "status": "affected", "version": "10.0", "versionType": "semver"}, {"lessThanOrEqual": "9.5.11", "status": "affected", "version": "9.5", "versionType": "semver"}]}], "datePublic": "2023-09-21T18:17:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.</p><p>This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.</p><p>The core REST and contributed GraphQL modules are not affected.</p><br><br>"}], "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141 Cache Poisoning"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2023-09-28T18:17:43.128Z"}, "references": [{"url": "https://www.drupal.org/sa-core-2023-006"}], "source": {"discovery": "UNKNOWN"}, "title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.drupal.org/sa-core-2023-006", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "drupal", "product": "drupal", "cpes": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "10.1", "status": "affected", "lessThan": "10.1.4", "versionType": "semver"}, {"version": "10.0", "status": "affected", "lessThan": "10.0.11", "versionType": "semver"}, {"version": "9.5", "status": "affected", "lessThan": "9.5.11", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T18:22:43.682965Z", "id": "CVE-2023-5256", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:25:29.327Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.drupal.org/sa-core-2023-006", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.530Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-5256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T18:22:43.682965Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "vendor": "drupal", "product": "drupal", "versions": [{"status": "affected", "version": "10.1", "lessThan": "10.1.4", "versionType": "semver"}, {"status": "affected", "version": "10.0", "lessThan": "10.0.11", "versionType": "semver"}, {"status": "affected", "version": "9.5", "lessThan": "9.5.11", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:25:19.880Z"}}], "cna": {"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141 Cache Poisoning"}]}], "affected": [{"vendor": "Drupal", "product": "Core", "versions": [{"status": "affected", "version": "10.1", "versionType": "semver", "lessThanOrEqual": "10.1.4"}, {"status": "affected", "version": "10.0", "versionType": "semver", "lessThanOrEqual": "10.0.11"}, {"status": "affected", "version": "9.5", "versionType": "semver", "lessThanOrEqual": "9.5.11"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-21T18:17:00.000Z", "references": [{"url": "https://www.drupal.org/sa-core-2023-006"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.</p><p>This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.</p><p>The core REST and contributed GraphQL modules are not affected.</p><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2023-09-28T18:17:43.128Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5256", "state": "PUBLISHED", "dateUpdated": "2024-09-23T18:25:29.327Z", "dateReserved": "2023-09-28T18:13:12.881Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2023-09-28T18:17:43.128Z", "assignerShortName": "drupal"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD7E7B61-D321-47CE-ACB3-08DC6084EBA4", "versionEndExcluding": "9.5.11", "versionStartIncluding": "8.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98DD977-94BF-4701-A222-BF0E0443197F", "versionEndExcluding": "10.1.4", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"}, {"lang": "es", "value": "En ciertos escenarios, el m\u00f3dulo JSON:API de Drupal generar\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\u00f3n confidencial se almacene en cach\u00e9 y se ponga a disposici\u00f3n de usuarios an\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. Los m\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados."}], "id": "CVE-2023-5256", "lastModified": "2024-11-21T08:41:23.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-28T19:15:10.977", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-core-2023-006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-core-2023-006"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "mlhess@drupal.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}