CVE-2023-5256 (GCVE-0-2023-5256)
Vulnerability from cvelistv5 – Published: 2023-09-28 18:17 – Updated: 2024-09-23 18:25
Title
Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
Summary
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.
This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.
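The core REST and contributed GraphQL modules are not affected.
Note on affected versions: the containers in this record disagree on the upper bound. The CNA (drupal) entry uses lessThanOrEqual for 10.1.4, 10.0.11 and 9.5.11, while the CISA ADP entry uses lessThan and the NVD configuration uses versionEndExcluding for the same versions (with the 9.x range starting at 8.7.0). Check the referenced advisory (SA-CORE-2023-006) before treating those three releases as either vulnerable or fixed.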
Severity (CVSS 3.1)
7.5 (High) – CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2023-006"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "drupal",
"vendor": "drupal",
"versions": [
{
"lessThan": "10.1.4",
"status": "affected",
"version": "10.1",
"versionType": "semver"
},
{
"lessThan": "10.0.11",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "9.5.11",
"status": "affected",
"version": "9.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-5256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:22:43.682965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:25:29.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Core",
"vendor": "Drupal",
"versions": [
{
"lessThanOrEqual": "10.1.4",
"status": "affected",
"version": "10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.11",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.5.11",
"status": "affected",
"version": "9.5",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-21T18:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\u003c/p\u003e\u003cp\u003eThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\u003c/p\u003e\u003cp\u003eThe core REST and contributed GraphQL modules are not affected.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\n\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\n\nThe core REST and contributed GraphQL modules are not affected.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T18:17:43.128Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-core-2023-006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2023-5256",
"datePublished": "2023-09-28T18:17:43.128Z",
"dateReserved": "2023-09-28T18:13:12.881Z",
"dateUpdated": "2024-09-23T18:25:29.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.7.0\", \"versionEndExcluding\": \"9.5.11\", \"matchCriteriaId\": \"AD7E7B61-D321-47CE-ACB3-08DC6084EBA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.11\", \"matchCriteriaId\": \"9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.0\", \"versionEndExcluding\": \"10.1.4\", \"matchCriteriaId\": \"E98DD977-94BF-4701-A222-BF0E0443197F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\\n\\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\\n\\nThe core REST and contributed GraphQL modules are not affected.\\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"En ciertos escenarios, el m\\u00f3dulo JSON:API de Drupal generar\\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\\u00f3n confidencial se almacene en cach\\u00e9 y se ponga a disposici\\u00f3n de usuarios an\\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. Los m\\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados.\"}]",
"id": "CVE-2023-5256",
"lastModified": "2024-11-21T08:41:23.240",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
"published": "2023-09-28T19:15:10.977",
"references": "[{\"url\": \"https://www.drupal.org/sa-core-2023-006\", \"source\": \"mlhess@drupal.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.drupal.org/sa-core-2023-006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "mlhess@drupal.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"mlhess@drupal.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5256\",\"sourceIdentifier\":\"mlhess@drupal.org\",\"published\":\"2023-09-28T19:15:10.977\",\"lastModified\":\"2024-11-21T08:41:23.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\\n\\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\\n\\nThe core REST and contributed GraphQL modules are not affected.\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"En ciertos escenarios, el m\u00f3dulo JSON:API de Drupal generar\u00e1 seguimientos de errores. Con algunas configuraciones, esto puede hacer que la informaci\u00f3n confidencial se almacene en cach\u00e9 y se ponga a disposici\u00f3n de usuarios an\u00f3nimos, lo que lleva a una escalada de privilegios. Esta vulnerabilidad solo afecta a los sitios con el m\u00f3dulo JSON:API habilitado y se puede mitigar desinstalando JSON:API. 
Los m\u00f3dulos REST principales y GraphQL contribuidos no se ven afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"mlhess@drupal.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndExcluding\":\"9.5.11\",\"matchCriteriaId\":\"AD7E7B61-D321-47CE-ACB3-08DC6084EBA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.11\",\"matchCriteriaId\":\"9796BCDF-6CC1-4447-AFE9-BB76BDDE9C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcludin
g\":\"10.1.4\",\"matchCriteriaId\":\"E98DD977-94BF-4701-A222-BF0E0443197F\"}]}]}],\"references\":[{\"url\":\"https://www.drupal.org/sa-core-2023-006\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2023-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.drupal.org/sa-core-2023-006\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:52:08.530Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5256\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-23T18:22:43.682965Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\"], \"vendor\": \"drupal\", \"product\": \"drupal\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\", \"lessThan\": \"10.1.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.5\", \"lessThan\": \"9.5.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-23T18:25:19.880Z\"}}], \"cna\": {\"title\": \"Drupal core - Critical - Cache poisoning - SA-CORE-2023-006\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-141\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-141 Cache Poisoning\"}]}], \"affected\": 
[{\"vendor\": \"Drupal\", \"product\": \"Core\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.4\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.11\"}, {\"status\": \"affected\", \"version\": \"9.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.5.11\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-21T18:17:00.000Z\", \"references\": [{\"url\": \"https://www.drupal.org/sa-core-2023-006\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\\n\\nThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\\n\\nThe core REST and contributed GraphQL modules are not affected.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn certain scenarios, Drupal\u0027s JSON:API module will output error backtraces. 
With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.\u003c/p\u003e\u003cp\u003eThis vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.\u003c/p\u003e\u003cp\u003eThe core REST and contributed GraphQL modules are not affected.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"shortName\": \"drupal\", \"dateUpdated\": \"2023-09-28T18:17:43.128Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5256\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-23T18:25:29.327Z\", \"dateReserved\": \"2023-09-28T18:13:12.881Z\", \"assignerOrgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"datePublished\": \"2023-09-28T18:17:43.128Z\", \"assignerShortName\": \"drupal\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.