Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

Project: Migrate queue importerDate: 2024-May-29Security risk: Moderately critical 10∕25 AC:Basic/A:Admin/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryAffected versions: <2.1.1Description: The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs.
The module doesn't sufficiently protect against Cross Site Request Forgery
under specific scenarios allowing an attacker to enable/disable a cron migration.
This vulnerability is mitigated by the fact that an attacker must know the
id of the migration.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-024