CVE-2023-5256 - OpenCVE

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal

Configuration 1 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

No data.

References

Link	Providers
https://www.drupal.org/sa-core-2023-006

History

No history.

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2023-09-28T18:17:43.128Z

Updated: 2024-08-02T07:52:08.530Z

Reserved: 2023-09-28T18:13:12.881Z

Link: CVE-2023-5256

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-28T19:15:10.977

Modified: 2023-10-05T14:54:22.537

Link: CVE-2023-5256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5256", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2023-09-28T18:13:12.881Z", "datePublished": "2023-09-28T18:17:43.128Z", "dateUpdated": "2024-08-02T07:52:08.530Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Core", "vendor": "Drupal", "versions": [{"lessThanOrEqual": "10.1.4", "status": "affected", "version": "10.1", "versionType": "semver"}, {"lessThanOrEqual": "10.0.11", "status": "affected", "version": "10.0", "versionType": "semver"}, {"lessThanOrEqual": "9.5.11", "status": "affected", "version": "9.5", "versionType": "semver"}]}], "datePublic": "2023-09-21T18:17:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.</p><p>This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.</p><p>The core REST and contributed GraphQL modules are not affected.</p><br><br>"}], "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141 Cache Poisoning"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2023-09-28T18:17:43.128Z"}, "references": [{"url": "https://www.drupal.org/sa-core-2023-006"}], "source": {"discovery": "UNKNOWN"}, "title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.530Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.drupal.org/sa-core-2023-006", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD7E7B61-D321-47CE-ACB3-08DC6084EBA4", "versionEndExcluding": "9.5.11", "versionStartIncluding": "8.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98DD977-94BF-4701-A222-BF0E0443197F", "versionEndExcluding": "10.1.4", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"}, {"lang": "es", "value": "En ciertos escenarios, el m\u00f3dulo JSON:API de Drupal generar\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\u00f3n confidencial se almacene en cach\u00e9 y se ponga a disposici\u00f3n de usuarios an\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. Los m\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados."}], "id": "CVE-2023-5256", "lastModified": "2023-10-05T14:54:22.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-28T19:15:10.977", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-core-2023-006"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}