Platform
drupal
Component
drupal
Fixed in
10.1.5
10.0.12
9.5.12
9.5.11
CVE-2023-5256 describes a sensitive data exposure vulnerability within the JSON:API module of Drupal Core. Under specific configurations, error backtraces containing sensitive information can be cached and exposed to anonymous users, potentially leading to privilege escalation. This issue affects Drupal Core versions up to and including 9.5.9. The vulnerability is resolved in Drupal version 9.5.11.
The primary impact of CVE-2023-5256 lies in the potential exposure of sensitive information. Attackers could exploit this vulnerability to gain unauthorized access to internal system details, such as database connection strings, API keys, or even code snippets. This information could then be leveraged to escalate privileges, potentially allowing an attacker to gain administrative control over the Drupal site. The risk is amplified if the exposed backtraces are cached, as this would make the information persistently available to unauthorized users. While the core REST and GraphQL modules are not directly affected, any site relying on JSON:API for data access is at risk. The blast radius extends to any data accessible through the JSON:API endpoints, potentially including user data, configuration settings, and other critical information.
CVE-2023-5256 was published on September 28, 2023. Its CVSS score of 9.5 (CRITICAL) reflects the high severity of the vulnerability. While no public exploits have been widely reported, the ease of exploitation and the potential for significant impact make it a high-priority concern. The vulnerability is not currently listed on KEV or EPSS, but the high CVSS score suggests a medium to high probability of exploitation. Organizations should prioritize patching or mitigation to prevent potential attacks.
Exploit status
EPSS
1.29% (80th percentile)
The most effective mitigation for CVE-2023-5256 is to upgrade Drupal Core to version 9.5.11 or later, which contains the fix. If upgrading immediately is not feasible, temporarily disabling the JSON:API module is a viable workaround. This will prevent the exposure of error backtraces but will also disable any functionality relying on the module. Consider implementing a Web Application Firewall (WAF) rule to filter out requests that trigger the error backtrace output. While a specific Sigma or YARA rule isn't readily available, monitoring Drupal logs for unusual error patterns related to JSON:API can help detect potential exploitation attempts. After upgrading, confirm the vulnerability is resolved by attempting to trigger an error within the JSON:API module and verifying that no sensitive information is exposed in the response.
Uninstall the JSON:API module to mitigate the vulnerability. Alternatively, update Drupal Core to the latest available version that contains the fix for this issue. See the Drupal security advisory for more details and patches.
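The post-upgrade verification and response monitoring described above can be automated by auditing JSON:API error responses as an anonymous client receives them. This Python code is an added example, not code from the advisory or from Drupal; the member names in `DEBUG_KEYS` and the use of the `X-Drupal-Cache` header are assumptions about how a verbose error is rendered and cached, and both sample responses are constructed.

```python
import json
import re

# PHP's getTraceAsString() frames look like "#0 /path/File.php(42): call()".
TRACE_FRAME = re.compile(r"#\d+ \S+\.(?:php|module|inc)\(\d+\)")
# Assumed member names that carry debug detail in a verbose error object.
DEBUG_KEYS = {"trace", "exception", "file", "line"}


def leaves(node, path, key=None):
    """Yield (path, key, value) for every scalar inside decoded JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from leaves(v, f"{path}/{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from leaves(v, f"{path}/{i}", key)
    else:
        yield path, key, node


def audit_response(headers, body):
    """Return findings for one response as received by an anonymous client."""
    try:
        errors = json.loads(body).get("errors", [])
    except (ValueError, AttributeError):
        errors = [{"raw": body}]  # not a JSON object: scan the raw text
    findings = []
    for path, key, value in leaves(errors, "/errors"):
        if key in DEBUG_KEYS:
            findings.append(f"debug field {path}")
        elif isinstance(value, str) and TRACE_FRAME.search(value):
            findings.append(f"backtrace text in {path}")
    hdr = {k.lower(): v.lower() for k, v in headers.items()}
    cached = hdr.get("x-drupal-cache") == "hit" or "public" in hdr.get("cache-control", "")
    if findings and cached:
        findings.append("leak is cached or publicly cacheable")
    return findings


# Constructed sample responses (not captured from a real site).
LEAKY = ({"X-Drupal-Cache": "HIT", "Cache-Control": "max-age=3600, public"},
         json.dumps({"errors": [{"title": "Internal Server Error", "status": "500",
                                 "meta": {"trace": "#0 /var/www/example/Example.php(42): run()"}}]}))
CLEAN = ({"Cache-Control": "must-revalidate, no-cache, private"},
         json.dumps({"errors": [{"title": "Not Found", "status": "404",
                                 "detail": "The requested resource was not found."}]}))
```

Call `audit_response(headers, body)` on responses fetched without credentials from your own site; an empty list after the upgrade is the expected result.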
No, it only affects sites with the JSON:API module enabled.
Update the module to version 9.5.11 or higher.
If you have the JSON:API module enabled, your site is likely vulnerable. Perform penetration testing or consult with a Drupal security expert.
Vulnerability scanners can detect this vulnerability, but manual testing is important to confirm its presence.
File paths, database names, source code, and other confidential information found in error backtraces.