The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs.
The module doesn't sufficiently protect against Cross Site Request Forgery
under specific scenarios allowing an attacker to enable/disable a cron migration.
This vulnerability is mitigated by the fact that an attacker must know the
id of the migration.
Install the latest version:
- If you use Migrate queue importer module for Drupal 10, upgrade to Migrate queue importer 2.1.1
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
- Michael Hess of the Drupal Security Team