Lucene search
GoogleOSV:BIT-DRUPAL-2023-5256HistoryMar 06, 2024 - 10:51 a.m.
BIT-drupal-2023-5256
2024-03-0610:51:30
Google
osv.dev
5
drupal
json:api
error backtraces
sensitive information
anonymous users
privilege escalation
vulnerability
rest
graphql
In certain scenarios, Drupal’s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.The core REST and contributed GraphQL modules are not affected.
References
Related
nessus
nessus
cve
cve
CVE-2023-5256
2023-09-28 19:15:10
openvas
openvas
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
2023-09-21 00:00:00
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Linux
2023-09-21 00:00:00
github
github
Cache poisoning in drupal/core
2023-09-28 21:30:58
osv
osv
CVE-2023-5256
2023-09-28 19:15:10
Cache poisoning in drupal/core
2023-09-28 21:30:58
prion
prion
Privilege escalation
2023-09-28 19:15:00
cvelist
cvelist
CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
2023-09-28 18:17:43
drupal
drupal
Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
2023-09-20 00:00:00
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
18.9%
Related for OSV:BIT-DRUPAL-2023-5256