Date: 
2024-May-29
Vulnerability: 
Cross Site Request Forgery
Affected versions: 
<2.1.1
CVE IDs: 
CVE-2024-13260
Description: 

The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs.

The module doesn't sufficiently protect against Cross Site Request Forgery
under specific scenarios allowing an attacker to enable/disable a cron migration.

This vulnerability is mitigated by the fact that an attacker must know the
id of the migration.

Solution: 

Install the latest version:

Reported By: 
Coordinated By: