CVE-2024-45440 — AI Deep Analysis Summary

🚨 **Essence**: Full Path Disclosure (FPD) in Drupal 11.x-dev. 📂 **Consequences**: Server file paths are leaked via `core/authorize.php`.…

🛠️ **Root Cause**: Improper error handling in `core/authorize.php`. 📉 **Flaw**: If `hash_salt` points to a non-existent file, `file_get_contents` fails and exposes the full path, even if error logging is disabled.…

🎯 **Affected**: Drupal Core. 📦 **Version**: 11.x-dev (Development versions). 🏢 **Vendor**: Drupal Community. ⚠️ **Note**: Primarily affects dev builds, but check if production uses unstable branches.

🕵️ **Action**: Hackers can read server directory structures. 🔓 **Privileges**: No code execution or data theft directly. 📂 **Data**: Only file paths are exposed. 🧩 **Goal**: Reconnaissance for subsequent exploits.

🔓 **Threshold**: Low. 🌐 **Auth**: No authentication required. ⚙️ **Config**: Triggered by specific `hash_salt` configuration pointing to missing files. 🚀 **Ease**: Simple HTTP request manipulation.

💻 **Exploit**: Yes, public PoC exists. 🐍 **Tool**: Python script available on GitHub (w0r1i0g1ht). 🧪 **Scanner**: Nuclei templates available (projectdiscovery). 🌍 **Status**: Active PoC, easy to reproduce.

🔍 **Check**: Visit `http://<target>/core/authorize.php`. 📤 **Observe**: Look for full path errors in response. 🛠️ **Scan**: Use Nuclei template `CVE-2024-45440.yaml`. 🐍 **Run**: Execute the provided Python PoC script.

🛡️ **Fix**: Update to patched version (if released). 📝 **Official**: Drupal issue tracker #345781 discusses this. ✅ **Status**: Check latest stable release notes for patch inclusion.

🚧 **Workaround**: Ensure `hash_salt` in `settings.php` points to an existing file. 🛑 **Mitigation**: Disable `authorize.php` access if not needed.…

⚡ **Priority**: Medium. 📉 **Risk**: Information Disclosure only. 🛡️ **Urgency**: Fix if using dev versions. 📅 **Timeline**: Patch soon to prevent reconnaissance.…