File
websafe-kb/08-threat-intel/registry/advisories/drupal--e8587ffc80.json

145 lines
12 KiB
JSON

{
"canonical_id": "drupal--e8587ffc80",
"system_id": "drupal",
"display_name": "Drupal",
"category": "cms",
"advisory_mode": "core",
"title": "Drupal core - Critical - Cache poisoning - SA-CORE-2023-006",
"summary": "<div class=\"field field-name-field-project field-type-entityreference field-label-inline clearfix\"><div class=\"field-label\">Project:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><a href=\"/project/drupal\">Drupal core</a></div></div></div><div class=\"field field-name-drupalorg-sa-date field-type-text field-label-inline clearfix\"><div class=\"field-label\">Date:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">2023-September-20</div></div></div><div class=\"field field-name-field-sa-criticality field-type-text field-label-inline clearfix\"><div class=\"field-label\">Security risk:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><a href=\"/security-team/risk-levels\" class=\"critical\" title=\"AC - Access complexity: Complex or highly specific (multi-step, unintuitive process with high number of dependencies)\nA - Authentication: None (all/anonymous users)\nCI - Confidentiality impact: All non-public data is accessible\nII - Integrity impact: Some data can be modified\nE - Exploit (Zero-day impact): Theoretical or white-hat (no public exploit code or documentation on development exists)\nTD - Target distribution: Default or common module configurations are exploitable, but a config change can disable the exploit\"><strong>Critical</strong> 16\u2009\u2215\u200925 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:Default</a></div></div></div><div class=\"field field-name-field-sa-type field-type-text field-label-inline clearfix\"><div class=\"field-label\">Vulnerability:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">Cache poisoning</div></div></div><div class=\"field field-name-field-affected-versions field-type-text field-label-inline clearfix\"><div class=\"field-label\">Affected versions:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">&gt;=8.7.0 &lt;9.5.11 || &gt;=10.0 &lt;10.0.11 || &gt;= 10.1 &lt;10.1.4</div></div></div><div class=\"field field-name-field-sa-cve field-type-text field-label-inline clearfix\"><div class=\"field-label\">CVE IDs:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\">CVE-2023-5256</div></div></div><div class=\"field field-name-field-sa-description field-type-text-long field-label-above\"><div class=\"field-label\">Description:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><p>In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.</p>\n<p>This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.</p>\n<p>The core REST and contributed GraphQL modules are not affected.</p>\n<p><a href=\"/steward\" rel=\"nofollow\">Drupal Steward</a> partners have been made aware of this issue. Some platforms may provide mitigations. However, not all WAF configurations can mitigate the issue, so it is still recommended to update promptly to this security release if your site uses JSON:API.</p></div></div></div><div class=\"field field-name-field-sa-solution field-type-text-long field-label-above\"><div class=\"field-label\">Solution:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><p>Install the latest version:</p>\n<ul>\n<li>If you are using Drupal 10.1, update to <a href=\"https://www.drupal.org/project/drupal/releases/10.1.4\" rel=\"nofollow\">Drupal 10.1.4</a>.</li>\n<li>If you are using Drupal 10.0, update to <a href=\"https://www.drupal.org/project/drupal/releases/10.0.11\" rel=\"nofollow\">Drupal 10.0.11</a>.</li>\n<li>If you are using Drupal 9.5, update to <a href=\"https://www.drupal.org/project/drupal/releases/9.5.11\" rel=\"nofollow\">Drupal 9.5.11</a>.</li>\n</ul>\n<p>All versions of Drupal 9 prior to 9.5 are end-of-life and do not receive security coverage. Note that <a href=\"https://www.drupal.org/psa-2021-06-29\" rel=\"nofollow\">Drupal 8 has reached its end of life</a>.</p>\n<p>Drupal 7 is not affected.</p></div></div></div><div class=\"field field-name-field-sa-reported-by field-type-text-long field-label-above\"><div class=\"field-label\">Reported By:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><ul>\n<li><a href=\"https://www.drupal.org/user/3778490\" rel=\"nofollow\">ghostccamm </a></li>\n</ul></div></div></div><div class=\"field field-name-field-sa-fixed-by field-type-text-long field-label-above\"><div class=\"field-label\">Fixed By:&nbsp;</div><div class=\"field-items\"><div class=\"field-item even\"><ul>\n<li><a href=\"https://www.drupal.org/user/255969\" rel=\"nofollow\">Drew Webber</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/49851\" rel=\"nofollow\">Peter Wolanin</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/35733\" rel=\"nofollow\">Nathaniel Catchpole</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/78040\" rel=\"nofollow\">Alex Bronstein</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/395439\" rel=\"nofollow\">Lee Rowlands</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/65776\" rel=\"nofollow\">xjm</a> of the Drupal Security Team</li>\n<li><a href=\"https://www.drupal.org/user/99777\" rel=\"nofollow\">Wim Leers</a></li>\n<li><a href=\"https://www.drupal.org/user/683300\" rel=\"nofollow\">Benji Fisher</a> of the Drupal Security Team</li>\n</ul></div></div></div>",
"published_at": "Wed, 20 Sep 2023 16:23:05 +0000",
"updated_at": "Wed, 20 Sep 2023 16:23:05 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://www.drupal.org/sa-core-2023-006",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "drupal",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "drupal",
"official": true
}
],
"affected_components": [
{
"name": "Drupal",
"entity_id": "drupal",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://www.drupal.org/sa-core-2023-006"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "drupal--e8587ffc80--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"Drupal Security Advisories RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "drupal--e8587ffc80--workflow"
}
}