File Path Disclosure Vulnerability in Drupal 11.x-dev

CVE-2024-45440

5.3MEDIUM

Key Information

Vendor: Drupal
Status: Drupal
Vendor: CVE Published:; 29 August 2024

Summary

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

Refferences

https://www.drupal.org/project/drupal/issues/3457781

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Aug 29, 2024

Collectors

NVD DatabaseMitre Database