What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
CVSS base score
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
Explanation of Vulnerability in Simple Terms
Acquia Content Hub for Drupal contains a cross-site request forgery (CSRF) vulnerability in versions before 3.6.4. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the Content Hub module without the administrator's knowledge or consent. Update to version 3.6.4 or later to fix this issue.
What an attacker can do
Perform unwanted actions on the Content Hub module by tricking a logged-in admin into visiting a malicious page.
Potential impact on your site
An attacker can modify Content Hub settings or data if they trick your admin into visiting a malicious page.
Conditions required to exploit
A logged-in Drupal administrator must visit an attacker-controlled page or click a malicious link.
Key dates
External resources