CVE-2015-7233

Name of the Vulnerable Software and Affected Versions Drupal OSF module versions 7.x-3.x before 7.x-3.1

Description A cross-site request forgery (CSRF) issue exists in the OSF module for Drupal. This issue allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets when the OSF Import module is enabled.

Recommendations For Drupal OSF module versions 7.x-3.x before 7.x-3.1, update to version 7.x-3.1 or later to resolve the issue. As a temporary workaround, consider disabling the OSF Import module until a patch is available. Restrict access to the OSF module to minimize the risk of exploitation.