BIT-drupal-2023-5256

Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2023-5256.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-drupal-2023-5256
Aliases
Published
2024-03-06T10:51:30.695Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.

Database specific
{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
8.7.0
Fixed
9.5.11
Introduced
10.0.0
Fixed
10.0.11
Introduced
10.1.0
Fixed
10.1.4