CVE

CVE-2024-45440

Severity:

Pending analysis

Type:

Unavailable / Other

Publication date:

29/08/2024

Last modified:

29/08/2024

Description

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

References to Advisories, Solutions, and Tools

https://www.drupal.org/project/drupal/issues/3457781