PT-2024-6543 · Drupal · Drupal

Published 2024-08-28 · Updated 2025-05-29 · CVE-2024-45440

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Drupal versions 11.x-dev
Description: The issue is a Full Path Disclosure flaw in the core/authorize.php file of the Drupal CMS. It allows an attacker to obtain system data without authorization. The vulnerability can be exploited if the hash_salt setting is assigned the result of file_get_contents() on a non-existent file: the resulting PHP error message contains sensitive information (the file's absolute path) and is disclosed to the requester. The estimated number of potentially affected devices is not specified.
Recommendations: For Drupal 11.x-dev, consider disabling the core/authorize.php file or restricting access to it until a patch is available. As a temporary workaround, do not assign hash_salt the result of file_get_contents() on a file that may not exist. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
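The workaround above, as an added settings.php fragment written for this record (not code from the advisory or from the Drupal project): the weak assignment is shown commented out beside a version that checks the salt file is readable before reading it, so a missing file can never raise the warning that carries the absolute path. The file location, the 32-byte minimum and the helper name are assumptions.

```php
<?php
// sites/default/settings.php fragment (added example, not Drupal project code).
//
// Weak pattern from the advisory: if the salt file is missing,
// file_get_contents() raises an E_WARNING whose text includes the absolute
// path it tried to open, and that text can be rendered in the response.
//
//   $settings['hash_salt'] = file_get_contents('/var/www/private/salt.txt');
//
// Hardened pattern: test readability first (no warning is emitted), keep the
// diagnostic in the server log only, and fail closed, because an empty
// hash_salt is not a safe fallback.

// Guard in case this file is included more than once in a single process.
if (!function_exists('load_hash_salt')) {
  /**
   * Loads the site hash salt from a file kept outside the web root.
   *
   * @param string $path        Absolute path to the salt file (assumed).
   * @param int    $min_length  Minimum acceptable length in bytes (assumed).
   *
   * @return string The salt, or '' when it cannot be loaded safely.
   */
  function load_hash_salt(string $path, int $min_length = 32): string {
    // is_readable() answers quietly: no warning, no path in any output.
    if (!is_readable($path)) {
      error_log('hash_salt file is missing or unreadable');
      return '';
    }
    $salt = trim((string) file_get_contents($path));
    if (strlen($salt) < $min_length) {
      error_log('hash_salt file is shorter than the required minimum');
      return '';
    }
    return $salt;
  }
}

$salt = load_hash_salt('/var/www/private/salt.txt');  // assumed location
if ($salt === '') {
  // Stop with a generic message rather than a PHP warning that would
  // reveal the server's directory layout.
  http_response_code(503);
  exit('Site temporarily unavailable.');
}
$settings['hash_salt'] = $salt;

// Keep any remaining PHP diagnostics out of responses in production.
ini_set('display_errors', '0');
```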

Weakness Enumeration

Generation of Error Message Containing Sensitive Information
Information Disclosure

Related Identifiers

BDU:2024-07687
CVE-2024-45440
GHSA-MG8J-W93W-XJGC

Affected Products

Drupal