What is CVE-2023-5256?

CVE-2023-5256 is a vulnerability in Drupal Core, classified under Information Disclosure. Published 2023-09-28.

Is CVE-2023-5256 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Drupal Core

CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerab…

Vulnerability class: Information Disclosure

EPSS: 0.013 (80.0th percentile) — read the EPSS interpretation.

Affected products

Drupal Core — versions 10.1, 10.0, 9.5

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

elttam/publications

References

www.drupal.org/sa-core-2023-006

Frequently asked questions

What is CVE-2023-5256?: CVE-2023-5256 is a vulnerability in Drupal Core, classified under Information Disclosure. Published 2023-09-28.
Is CVE-2023-5256 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.