What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.
Explanation of Vulnerability in Simple Terms
The Automated Logout module for Drupal contains a cross-site request forgery (CSRF) vulnerability in versions before 1.7.0 and in versions from 2.0.0 before 2.0.2. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, triggers unintended actions on the site. Update to version 1.7.0 or later, or to 2.0.2 or later if you run a 2.x release, to patch this issue.
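To check whether a site is running an affected release, the following added example (not code from the advisory or from the module) scans the contents of a `composer.lock` file against the two affected ranges given in the description. The Composer package name `drupal/autologout` and the sample lock content are assumptions made for illustration.

```python
import json
import re

# Affected ranges as stated in the description: [first affected, first fixed)
AFFECTED = [((0, 0, 0), (1, 7, 0)), ((2, 0, 0), (2, 0, 2))]
PACKAGE = "drupal/autologout"  # assumed Composer name of the Automated Logout module

# Constructed sample lock file content, for illustration only
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.2.0"},
        {"name": "drupal/autologout", "version": "1.6.0"},
    ],
    "packages-dev": [],
})

def parse_version(raw):
    """Return (major, minor, patch), or None for dev or unparseable versions."""
    v = raw.strip().lstrip("v")
    if "dev" in v:
        return None  # a branch checkout cannot be mapped to a release
    v = re.sub(r"^\d+\.x-", "", v)  # legacy Drupal form, e.g. 8.x-1.6
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        return None
    # Pre-release suffixes (-beta1, -rc2) are ignored; only the numeric core is compared
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def is_affected(raw):
    """True or False for a release version, None when it cannot be decided."""
    ver = parse_version(raw)
    if ver is None:
        return None
    return any(lo <= ver < hi for lo, hi in AFFECTED)

def audit_lock(lock_text):
    """Return a list of (version, verdict) for each locked copy of the module."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                version = pkg.get("version", "")
                findings.append((version, is_affected(version)))
    return findings

if __name__ == "__main__":
    for version, verdict in audit_lock(SAMPLE_LOCK):
        print(version, "affected" if verdict else "not affected or unknown")
```

A verdict of `None` means the locked version is a development branch or could not be parsed and needs a manual check.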
What an attacker can do
Trick a logged-in admin into performing unintended actions via a malicious link or page.
Potential impact on your site
An attacker can perform unauthorized actions as an admin if they trick an admin into clicking a link.
Conditions required to exploit
The victim must be logged in and click a malicious link or visit an attacker-controlled page.