TYPO3 CMS Redirects Module Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the TYPO3 CMS redirects module, affecting versions 10.0.0 prior to 10.4.54, 11.0.0 prior to 11.5.48, 12.0.0 prior to 12.4.40, 13.0.0 prior to 13.4.22, and 14.0.0 through 14.0.1. Backend users with write permission on the sys_redirect table could read, create, and modify any redirect record without restrictions based on their file or web mounts. This vulnerability allowed the insertion or alteration of redirects to arbitrary URLs, potentially facilitating phishing or other malicious redirect activities.

Impact

Exploitation gives a backend user with write permission on sys_redirect unrestricted read and write access to every redirect record, including those for sites outside the user's own file or web mounts. The user can therefore create or alter redirects pointing to arbitrary URLs, which can be used for phishing or other harmful redirect activities.

Reproduction

To reproduce this vulnerability, a backend user needs access to the redirects module and write permission on the sys_redirect table. With those two conditions met, the user can read, create, and modify any redirect record, including records belonging to sites outside their file or web mounts, simply by opening the redirects module and editing sys_redirect records directly.
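The flaw described above and in the reproduction steps is an object-level authorization gap: permission was checked for the sys_redirect table as a whole, not for the individual record against the user's mounts. The following Python sketch is an added illustration of that difference, not TYPO3 code and not the project's actual fix. The data model (Redirect, BackendUser), the sample hosts, and the rule that wildcard-host redirects are reserved for administrators are all constructed assumptions for the example.

```python
from dataclasses import dataclass, replace
from typing import Callable, Iterable, List, Optional

WILDCARD_HOST = "*"  # a redirect with this source host applies to every site (assumed convention)


@dataclass(frozen=True)
class Redirect:
    uid: int
    source_host: str   # host the redirect is matched against
    source_path: str
    target: str


@dataclass(frozen=True)
class BackendUser:
    name: str
    is_admin: bool
    table_write: frozenset  # tables the user may write to
    web_mounts: frozenset   # hosts of the sites the user is mounted on (hypothetical model)


def may_edit_table_only(user: BackendUser, redirect: Redirect) -> bool:
    """Vulnerable pattern: the decision stops at table level, so any user with
    write permission on sys_redirect may touch every redirect record."""
    return user.is_admin or "sys_redirect" in user.table_write


def may_edit_scoped(user: BackendUser, redirect: Redirect) -> bool:
    """Hardened pattern: table permission AND the record's host must lie within
    the user's web mounts. Wildcard-host redirects affect all sites, so only
    administrators may edit them (assumption made for this example)."""
    if user.is_admin:
        return True
    if "sys_redirect" not in user.table_write:
        return False
    if redirect.source_host == WILDCARD_HOST:
        return False
    return redirect.source_host in user.web_mounts


def may_save_scoped(user: BackendUser, existing: Optional[Redirect], proposed: Redirect) -> bool:
    """Create or update check. Both the stored record (if any) and the record as it
    would look after the save must pass; otherwise an editor could re-home a redirect
    they own onto a host outside their mounts."""
    if existing is not None and not may_edit_scoped(user, existing):
        return False
    return may_edit_scoped(user, proposed)


def readable_redirects(user: BackendUser, redirects: Iterable[Redirect],
                       check: Callable[[BackendUser, Redirect], bool]) -> List[int]:
    """UIDs of the redirects a given check would expose to the user."""
    return sorted(r.uid for r in redirects if check(user, r))


# Constructed sample data: two sites plus one wildcard redirect.
REDIRECTS = (
    Redirect(1, "corporate.example.test", "/old-about", "/about"),
    Redirect(2, "shop.example.test", "/old-sale", "/sale"),
    Redirect(3, WILDCARD_HOST, "/legacy", "/"),
)
SHOP_EDITOR = BackendUser("shop_editor", False, frozenset({"sys_redirect"}),
                          frozenset({"shop.example.test"}))
ADMIN = BackendUser("admin", True, frozenset(), frozenset())


if __name__ == "__main__":
    print("table-level check exposes:", readable_redirects(SHOP_EDITOR, REDIRECTS, may_edit_table_only))
    print("mount-scoped check exposes:", readable_redirects(SHOP_EDITOR, REDIRECTS, may_edit_scoped))
    moved = replace(REDIRECTS[1], source_host="corporate.example.test")
    print("re-home shop redirect to corporate site:", may_save_scoped(SHOP_EDITOR, REDIRECTS[1], moved))
```

The point worth keeping from the sketch is the second function pair: a scoped check has to run on the record as it will be stored, not only on the record as it currently exists, or a create or an edit that changes the host field slips past the mount restriction.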

Remediation

Users are advised to update TYPO3 to versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, or 14.0.2, all of which include the necessary fix.

Added: Jan 13, 2026, 12:24 PM
Updated: Jan 13, 2026, 2:12 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.