Date
Severity
Moderately Critical
Vulnerability
Cross Site Request Forgery
Affected versions
7.x-1.0-alpha12

Description

The GDPR Task submodule enables you to create GDPR tasks.

The module doesn't sufficiently validate user identity and intent when creating tasks, so it is not adequately protected against Cross Site Request Forgery (CSRF) attacks.
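A common Drupal 7 pattern for guarding a link-triggered action against this class of bug, as an added example that is neither the gdpr module's code nor its actual fix: the callback creates a task only when the request carries a valid per-session token. The module name `example_task`, its path, permission and table are hypothetical.

```php
<?php
/**
 * Hypothetical Drupal 7 module "example_task" (not the gdpr module's code).
 */

/**
 * Implements hook_menu().
 */
function example_task_menu() {
  $items['example-task/create/%'] = array(
    'title' => 'Create task',
    'page callback' => 'example_task_create_page',
    'page arguments' => array(2),
    // The permission check establishes identity; the token establishes intent.
    'access arguments' => array('create example tasks'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Builds the link shown to the user, with a token bound to this exact path.
 */
function example_task_create_link($type) {
  $path = 'example-task/create/' . $type;
  return l(t('Create task'), $path, array(
    'query' => array('token' => drupal_get_token($path)),
  ));
}

/**
 * Page callback: creates the task only when the token matches the session.
 */
function example_task_create_page($type) {
  $path = 'example-task/create/' . $type;
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  // Reject missing, malformed (array-valued) or mismatched tokens.
  if (!is_string($token) || !drupal_valid_token($token, $path)) {
    return MENU_ACCESS_DENIED;
  }
  // Hypothetical table; db_insert() binds values as query placeholders.
  db_insert('example_task')
    ->fields(array(
      'type' => $type,
      'uid' => $GLOBALS['user']->uid,
      'created' => REQUEST_TIME,
    ))
    ->execute();
  drupal_set_message(t('Task created.'));
  drupal_goto('<front>');
}
```

Routing the action through a Form API confirmation form is an alternative, since Drupal 7 forms built with `drupal_get_form()` carry and validate a form token for authenticated users.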

Solution

Install the latest version.

If you use the General Data Protection Regulation module for Drupal 7, upgrade to gdpr 7.x-1.0-alpha13.


Reported by

  • Pierre Rudloff (prudloff)

Fixed by

  • Peter Pónya (pedrop)
  • szato
  • Tag1 D7ES

Coordinated by

  • Tag1 D7ES