CVE-2015-4360

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 6.x-1.6 Drupal versions 6.x-2.x prior to 6.x-2.8 Drupal versions 7.x-1.x prior to 7.x-1.2

Description A cross-site request forgery (CSRF) issue exists in the Registration codes module, allowing remote attackers to hijack the authentication of administrators for requests that delete role-rules.

Recommendations For versions prior to 6.x-1.6, update to version 6.x-1.6 or later. For versions 6.x-2.x prior to 6.x-2.8, update to version 6.x-2.8 or later. For versions 7.x-1.x prior to 7.x-1.2, update to version 7.x-1.2 or later.