What is CVE-2024-45440?

CVE-2024-45440 is a vulnerability in Drupal Core. Published 2024-08-29.

Is CVE-2024-45440 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Drupal Core

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

EPSS: 0.867 (99.4th percentile) — read the EPSS interpretation.

Affected products

Drupal Core — versions v11.x-dev

Public proof-of-concept exploits

w0r1i0g1ht/CVE-2024-45440
zoomdbz/CVE-2024-45440
20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub

References

www.drupal.org/project/drupal/issues/3457781
senscybersecurity.nl/CVE-2024-45440-Explained/

Frequently asked questions

What is CVE-2024-45440?: CVE-2024-45440 is a vulnerability in Drupal Core. Published 2024-08-29.
Is CVE-2024-45440 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.