Drupal Security Advisory
The Migrate Tools module provides tools for running and managing Drupal migrations.
The module doesn’t sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an attacker to trick an authenticated administrator into initiating a migration.
This vulnerability is mitigated by the fact that an attacker must know the name of the migration.
Install the latest version:
- If you use the Migrate Tools module for Drupal 10, upgrade to Migrate Tools 6.0.3
- Greg Knaddison of the Drupal Security Team