Drupal Full Path Disclosure Vulnerability [CVE-2024-45440]
CVE number = CVE-2024-45440
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
After installing the Drupal application the developer can change the hash_salt variable on line 268 in the /sites/default/settings.php file.
Further details = https://www.drupal.org/project/drupal/issues/3457781
Blogger at www.systemtek.co.uk