- Issue created by @prudloff
The entity.ultimate_cron_job.unlock route is not protected against CSRF attacks.
As a user that can post content, add this HTML in a page:
<img src="http://example.com/admin/config/system/cron/jobs/ultimate_cron_queue_locale_translation/unlock">
As another user with the "run cron jobs" permission, display this page: the job is unlocked without any confirmation.
Add the _csrf_token: 'TRUE' requirement to this route.
Active
2.0
Code
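The proposed fix, sketched as a routing definition before and after. This is an added example, not part of the original issue and not the module's actual routing file; the path parameter name, the controller value and the permission machine name are assumptions or placeholders, and only the route name and the `_csrf_token` requirement come from the issue.

```yaml
# BEFORE (as reported): only a permission check guards the route.
# A cross-site GET carrying the victim's session cookie passes that check,
# so an embedded image tag is enough to trigger the unlock.
entity.ultimate_cron_job.unlock:
  # Path shape inferred from the URL in the issue; parameter name is assumed.
  path: '/admin/config/system/cron/jobs/{ultimate_cron_job}/unlock'
  defaults:
    # Placeholder controller; the real class and method are not shown in the issue.
    _controller: '\Drupal\example\Controller\ExampleController::unlock'
  requirements:
    # Permission as worded in the issue; the machine name may differ.
    _permission: 'run cron jobs'
---
# AFTER: same route with the CSRF token requirement added.
# Drupal core then appends a per-session "token" query parameter to links it
# generates for this route and denies access when the token is missing or
# invalid, so a URL guessed by a third party no longer works.
entity.ultimate_cron_job.unlock:
  path: '/admin/config/system/cron/jobs/{ultimate_cron_job}/unlock'
  defaults:
    _controller: '\Drupal\example\Controller\ExampleController::unlock'
  requirements:
    _permission: 'run cron jobs'
    _csrf_token: 'TRUE'
```

Links to this route must be built through Drupal's URL generation so the token is attached; a hard-coded path to the route would be rejected after the change.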