PT-2023-31979 · Drupal · Drupal Json:Api Module

Published 2023-09-28 · Updated 2024-09-23 · CVE-2023-5256

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Drupal JSON:API module (affected versions not specified)

Description

In certain scenarios, Drupal's JSON:API module outputs error backtraces. Sensitive information in that output can be cached and made available to anonymous users, leading to privilege escalation. The issue can be exploited by causing a 4xx response when an administrator visits a crafted URL on the JSON:API, which allows an attacker to cache the administrator's session cookies. For example, this can be done using the API endpoint "/jsonapi/user/user" with a specific filter, such as filter[a-labex][condition][path]=cachingyourcookie. The core REST and contributed GraphQL modules are not affected.

Recommendations

To mitigate this issue, consider uninstalling the JSON:API module until a patch is available. As a temporary workaround, restrict access to the JSON:API module to minimize the risk of exploitation. Avoid using the JSON:API module with configurations that may cause sensitive information to be cached and made available to anonymous users.
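
For triage, the pattern in the description (a JSON:API URL with a filter parameter that answers 4xx and is then fetched by more than one client) can be searched for in web-server access logs. The script below is an added example, not code from the advisory or from Drupal; the "combined" log format, the sample lines, the function name and the two-client threshold are assumptions, and a hit is a lead to review, not proof of exploitation.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample lines in Apache/nginx "combined" format (an assumption;
# adapt LOG_RE to the local format). Addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Sep/2023:10:01:02 +0000] "GET /jsonapi/user/user?filter[x][condition][path]=nosuchfield HTTP/1.1" 400 812 "-" "curl/8.1"
203.0.113.20 - - [28/Sep/2023:10:03:40 +0000] "GET /jsonapi/user/user?filter[x][condition][path]=nosuchfield HTTP/1.1" 400 5310 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Sep/2023:10:04:05 +0000] "GET /jsonapi/user/user?filter[x][condition][path]=nosuchfield HTTP/1.1" 400 5310 "-" "curl/8.1"
203.0.113.20 - - [28/Sep/2023:10:05:00 +0000] "GET /jsonapi/node/article?page[limit]=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [28/Sep/2023:10:06:00 +0000] "GET /jsonapi/node/article?filter[status]=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def suspicious_jsonapi_errors(log_text, min_clients=2):
    """Return {target: {"hits", "clients", "sizes"}} for JSON:API URLs carrying
    filter[...] parameters that answered 4xx to at least min_clients clients."""
    seen = defaultdict(lambda: {"hits": 0, "clients": set(), "sizes": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not 400 <= int(m["status"]) <= 499:
            continue
        path, _, query = m["target"].partition("?")
        if "/jsonapi/" not in path:
            continue
        # parse_qsl decodes %5B/%5D, so encoded brackets are matched as well.
        keys = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
        if not any(k.startswith("filter[") for k in keys):
            continue
        entry = seen[m["target"]]
        entry["hits"] += 1
        entry["clients"].add(m["ip"])
        if m["size"] != "-":
            entry["sizes"].add(int(m["size"]))
    # Several clients on one error URL is the shape the advisory describes;
    # differing body sizes hint that the cached error body changed.
    return {t: e for t, e in seen.items() if len(e["clients"]) >= min_clients}

if __name__ == "__main__":
    for target, e in suspicious_jsonapi_errors(SAMPLE_LOG).items():
        print(target, e["hits"], sorted(e["clients"]), sorted(e["sizes"]))
```
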

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BIT-DRUPAL-2023-5256
CVE-2023-5256
DRUPAL-CORE-2023-006
GHSA-RJQG-3H9M-FX5X

Affected Products

Drupal Json:Api Module