S4E

CVE-2024-45440 Scanner

CVE-2024-45440 Scanner - Information Disclosure vulnerability in Drupal

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

3 weeks 3 hours

Scan only one

URL

Toolbox

-

Drupal is a popular content management system (CMS) used by websites worldwide for creating, managing, and publishing content. Organizations utilize Drupal due to its robust framework, flexibility, and the ability to support complex web applications. It is often used by educational institutions, government agencies, and large businesses to build and maintain dynamic websites. Drupal provides a platform for customizing site features and aesthetics, supporting numerous third-party plugins and extensions. Its open-source nature allows developers to collaborate and contribute to expanding its capacity and functionality. The system is known for maintaining strong security standards and providing regular updates to address vulnerabilities.

Information Disclosure vulnerabilities arise when a web application discloses data that is not intended to be accessible by unauthorized users. This specific vulnerability pertains to Drupal x-dev, where core/authorize.php may unintentionally expose full path information. The issue occurs if the value of hash_salt is set to file_get_contents of a non-existent file, potentially revealing system paths. This vulnerability might compromise the site's confidentiality by leaking internal path structures to attackers. Exposing such details can aid attackers in crafting more targeted cyber threats against the site.

This vulnerability involves the core/authorize.php endpoint in Drupal's x-dev version, where a misconfigured hash_salt value can lead to file path disclosure. Specifically, the vulnerability is triggered when the hash_salt is instructed to retrieve content from a file path that does not exist. Upon this misconfiguration, the system throws a RuntimeException, alongside exposing part of its internal path in the process. By accessing particular URL paths, attackers can exploit this process to gather insights about the file structure. Ensuring that error logging configurations are correctly set is pivotal in preventing such disclosures.

When exploited, this vulnerability could grant attackers access to sensitive path information within the Drupal installation. Such disclosures can serve as a stepping stone for further intrusions, as attackers may use the information to map the application’s internal file structure. This knowledge could assist attackers in identifying additional vulnerabilities, manipulating file paths, or conducting further reconnaissance. Ultimately, exploiting this flaw could compromise the integrity of the web application, leading to unauthorized access or data breaches. Protecting against this requires vigilant configuration and a proactive security posture.

REFERENCES

Get started to protecting your Free Full Security Scan