CVE-2024-45440 Information

Description

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

Reference

https://www.drupal.org/project/drupal/issues/3457781