GoogleOSV:GHSA-RJQG-3H9M-FX5XCache poisoning in drupal/core
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.5%
In certain scenarios, Drupal’s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.
This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.
The core REST and contributed GraphQL modules are not affected.
References
github.com/drupal/core
github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742
github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc
github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24
nvd.nist.gov/vuln/detail/CVE-2023-5256
www.drupal.org/sa-core-2023-006
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.5%