TYPO3 Redirect Tab Extension Broken Access Control Vulnerability
Vulnerability
A broken access control vulnerability has been identified in the TYPO3 extension 'Redirect Tab' (redirect_tab), specifically in versions 4.0.0 to 4.0.4, 3.0.0 to 3.1.6, and 2.1.1 and below. The vulnerability arises because the extension does not properly verify whether an authenticated user has the necessary permissions to access redirect records. This lack of verification can lead to unauthorized exposure of redirect information when a page is being edited.
Impact
Exploitation of this vulnerability could result in unauthorized access to redirect records, potentially allowing users to view or manipulate redirect data they should not have access to.
Remediation
Users of the 'Redirect Tab' extension are advised to update to version 4.0.5, 3.1.7, or 2.1.2. These versions are available through the TYPO3 Extension Manager and Packagist, and can be downloaded directly from the TYPO3 Extensions Repository.
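To confirm whether an installation needs the update, the installed version can be checked against the affected ranges listed above. The following is an added example, not code from the advisory or the extension: it assumes a Composer-based TYPO3 installation whose `composer.lock` records the extension key under `extra` → `typo3/cms` → `extension-key`, and the vendor name in the sample data is a constructed placeholder.

```python
import json

# Affected ranges and fixed releases as stated in the advisory text above.
# major branch -> (last affected version, fixed version)
BRANCHES = {4: ((4, 0, 4), "4.0.5"), 3: ((3, 1, 6), "3.1.7")}
LEGACY_LAST_AFFECTED, LEGACY_FIX = (2, 1, 1), "2.1.2"  # "2.1.1 and below"


def parse_version(text):
    """Turn '3.1.6' or 'v3.1.6' into (3, 1, 6); missing parts become 0."""
    parts = text.lstrip("vV").split("-")[0].split(".")
    nums = [int(p) for p in parts[:3]]  # ValueError for e.g. 'dev-main'
    return tuple(nums + [0] * (3 - len(nums)))


def fixed_release_for(version_text):
    """Return the fixed release to upgrade to, or None if not affected."""
    v = parse_version(version_text)
    if v <= LEGACY_LAST_AFFECTED:
        return LEGACY_FIX
    if v[0] in BRANCHES:
        last_affected, fix = BRANCHES[v[0]]
        if v <= last_affected:
            return fix
    return None


def audit_lock(lock_text, extension_key="redirect_tab"):
    """Scan composer.lock content; return [(package, version, fix)]."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        extra = pkg.get("extra") or {}  # Composer may write an empty list
        key = (extra.get("typo3/cms") or {}).get("extension-key")
        if key != extension_key:
            continue
        try:
            fix = fixed_release_for(pkg["version"])
        except ValueError:
            fix = "unknown"  # branch aliases cannot be compared; check by hand
        findings.append((pkg["name"], pkg["version"], fix))
    return findings


# Constructed sample lock file; "example-vendor" is a placeholder vendor name.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example-vendor/redirect-tab", "version": "3.1.6",
     "extra": {"typo3/cms": {"extension-key": "redirect_tab"}}},
    {"name": "example-vendor/other", "version": "1.0.0", "extra": []},
]})

if __name__ == "__main__":
    for name, version, fix in audit_lock(SAMPLE_LOCK):
        print(name, version, "upgrade to " + fix if fix else "not affected")
```

A `None` in the third field means the installed version is outside the affected ranges; installations managed without Composer have no `composer.lock`, so their version has to be read from the Extension Manager instead.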
