This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Full Path Disclosure (FPD) in Drupal 11.x-dev. **Consequences**: Server file paths are leaked via `core/authorize.php`.…
**Root Cause**: Improper error handling in `core/authorize.php`. **Flaw**: If `hash_salt` points to a non-existent file, `file_get_contents` fails and exposes the full path, even if error logging is disabled.…
**Threshold**: Low. **Auth**: No authentication required. **Config**: Triggered by specific `hash_salt` configuration pointing to missing files. **Ease**: Simple HTTP request manipulation.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Exploit**: Yes, public PoC exists. **Tool**: Python script available on GitHub (w0r1i0g1ht). **Scanner**: Nuclei templates available (projectdiscovery). **Status**: Active PoC, easy to reproduce.
Q7 How to self-check? (Features/Scanning)
**Check**: Visit `http://<target>/core/authorize.php`. **Observe**: Look for full path errors in response. **Scan**: Use Nuclei template `CVE-2024-45440.yaml`. **Run**: Execute the provided Python PoC script.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Update to patched version (if released). **Official**: Drupal issue tracker #345781 discusses this. **Status**: Check latest stable release notes for patch inclusion.
Q9 What if no patch? (Workaround)
**Workaround**: Ensure `hash_salt` in `settings.php` points to an existing file. **Mitigation**: Disable `authorize.php` access if not needed.…
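One way to audit the workaround on your own site, as an added example (not code from this page or from the Drupal project): it scans the text of a `settings.php` for `hash_salt` assignments that read the salt with `file_get_contents` and reports any literal path that does not exist. The function name `audit_hash_salt`, the status labels and the sample file content are hypothetical and constructed; it assumes the assignment sits on one line.

```python
import os
import re
import sys

# Uncommented, single-line assignment of $settings['hash_salt'].
ASSIGN_RE = re.compile(
    r"""^\s*\$settings\[\s*['"]hash_salt['"]\s*\]\s*=\s*(?P<rhs>.+?);""",
    re.MULTILINE,
)
# file_get_contents('<literal path>') with nothing else in the call.
FGC_RE = re.compile(r"""^file_get_contents\(\s*(['"])(?P<path>[^'"]+)\1\s*\)$""")


def audit_hash_salt(settings_php, exists=os.path.isfile):
    """Return a list of (status, detail), one per hash_salt assignment."""
    findings = []
    for m in ASSIGN_RE.finditer(settings_php):
        rhs = m.group("rhs").strip()
        fgc = FGC_RE.match(rhs)
        if fgc is None:
            if "file_get_contents" in rhs:
                # Path is built from constants or variables: check by hand.
                findings.append(("REVIEW", rhs))
            else:
                findings.append(("OK_INLINE", "salt is not read from a file"))
        elif exists(fgc.group("path")):
            findings.append(("OK_FILE", fgc.group("path")))
        else:
            # The condition this page describes: salt file is missing.
            findings.append(("MISSING", fgc.group("path")))
    return findings


# Constructed sample: a docblock example line, a commented-out line,
# and one live assignment pointing at a path that does not exist.
SAMPLE = """<?php
 *   $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
# $settings['hash_salt'] = 'old-value';
$settings['hash_salt'] = file_get_contents('/constructed/missing/salt.txt');
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for status, detail in audit_hash_salt(text):
        print(status, detail)
```

Run it with the path to `settings.php` as the only argument; a `MISSING` line means the salt file should be created or the path corrected.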
**Priority**: Medium. **Risk**: Information Disclosure only. **Urgency**: Fix if using dev versions. **Timeline**: Patch soon to prevent reconnaissance.…