Описание
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| trusty/esm | ignored | end of ESM support, was needs-triage |
Показывать по
10
EPSS
Процентиль: 99%
0.79707
Высокий
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
10 месяцев назад
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
CVSS3: 5.3
debian
10 месяцев назад
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (eve ...
CVSS3: 5.3
fstec
10 месяцев назад
Уязвимость файла /core/authorize.php CMS-системы Drupal, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
Процентиль: 99%
0.79707
Высокий
5.3 Medium
CVSS3