Migrate Tools – Moderately critical – Cross Site Request Forgery – SA-CONTRIB-2024-008

Drupal Security Advisory

Project: 
Date: 
2024-February-07
Vulnerability: 
Cross Site Request Forgery
Affected versions: 
<6.0.3
Description: 

The Migrate Tools module provides tools for running and managing Drupal migrations.

The module doesn’t sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an attacker to trick an authenticated administrator into initiating a migration.

This vulnerability is mitigated by the fact that an attacker must know the name of the migration.

Solution: 

Install the latest version:

Reported By: 
Coordinated By: 

READ MORE