Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

2024-05-2900:00:00

Drupal Security Team

www.drupal.org

migrate queue importer

cross site request forgery

sa-contrib-2024-024

cron migrations

software

AI Score

Confidence

Low

JSON

The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs. The module doesn’t sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an attacker to enable/disable a cron migration. This vulnerability is mitigated by the fact that an attacker must know the id of the migration.

Affected configurations

Vulners

Node

drupalmigrate_queue_importerRange<2.1.1

VendorProductVersionCPE
drupalmigrate_queue_importer*cpe:2.3:a:drupal:migrate_queue_importer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	migrate_queue_importer	*	cpe:2.3:a:drupal:migrate_queue_importer::::::::

References

www.drupal.org/project/migrate_queue_importer/releases/2.1.1

www.drupal.org/user/102818

www.drupal.org/user/2526160

www.drupal.org/user/272316

www.drupal.org/user/3611858

www.drupal.org/user/36762

AI Score

Confidence

Low

JSON