A recent security advisory, SA-CONTRIB-2024-008, has revealed a moderately critical vulnerability in the Migrate Tools module for Drupal, affecting versions before 6.0.3. This vulnerability could potentially lead to Cross Site Request Forgery (CSRF) attacks, allowing malicious actors to trick authenticated administrators into initiating migrations. The issue arises from inadequate protection mechanisms, particularly in specific scenarios where an attacker must know the name of the migration to exploit the vulnerability. The Drupal Security Team, coordinated by Greg Knaddison, has addressed this issue, and users are strongly advised to upgrade to Migrate Tools version 6.0.3 to mitigate the risk. The fix was reported and implemented by Andreas Hennings and Lucas Hedding, respectively. Learn more here.