CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.drupal.org/sa-core-2023-006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

History

05 Oct 2023, 14:54

Type	Values Removed	Values Added
First Time		Drupal Drupal drupal
CPE		cpe:2.3:a:drupal:drupal::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo
References	~~(MISC) https://www.drupal.org/sa-core-2023-006 -~~	(MISC) https://www.drupal.org/sa-core-2023-006 - Vendor Advisory

28 Sep 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-28 19:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-5256

Mitre link : CVE-2023-5256

CVE.ORG link : CVE-2023-5256

JSON object : View

Products Affected

drupal

drupal

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2023-5256", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2023-09-28T19:15:10.977", "references": [{"url": "https://www.drupal.org/sa-core-2023-006", "tags": ["Vendor Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"}, {"lang": "es", "value": "En ciertos escenarios, el m\u00f3dulo JSON:API de Drupal generar\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\u00f3n confidencial se almacene en cach\u00e9 y se ponga a disposici\u00f3n de usuarios an\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. Los m\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados."}], "lastModified": "2023-10-05T14:54:22.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7E7B61-D321-47CE-ACB3-08DC6084EBA4", "versionEndExcluding": "9.5.11", "versionStartIncluding": "8.7.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98DD977-94BF-4701-A222-BF0E0443197F", "versionEndExcluding": "10.1.4", "versionStartIncluding": "10.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}