TYPO3 CMS Open Redirect Vulnerability in GeneralUtility Component

Vulnerability

TYPO3 CMS contains an open redirect vulnerability. It affects code that relies on GeneralUtility::sanitizeLocalUrl to restrict a URL to the local site: a URL that passes this function and is then used as a redirect target can still send the browser to an external host, which an attacker can abuse for phishing. Affected versions are 10.0.0 up to and including 10.4.56, 11.0.0 up to and including 11.5.50, 12.0.0 up to and including 12.4.45, 13.0.0 up to and including 13.4.30, and 14.0.0 up to and including 14.3.2.

Impact

An attacker who controls the redirect target can send users from a trusted TYPO3 URL to an arbitrary external site. The typical abuse is phishing: the victim follows a link on the legitimate domain and lands on an attacker-controlled page.

Reproduction

To reproduce, pass GeneralUtility::sanitizeLocalUrl a URL that it accepts as local but that the browser resolves to a different host, then use the returned value as a redirect target. Inputs to test include URLs containing unencoded spaces and URLs that use backslashes, which conforming browsers treat as equivalent to forward slashes in http(s) URLs. In both cases a value the function treats as a local path is interpreted by the client as part of the URL's authority, so the redirect leaves the site.
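The following is an added example, not TYPO3 code and not the advisory's proof of concept. It shows the general class of bug described above: a hypothetical naive "local URL" filter (a stand-in, not sanitizeLocalUrl) accepts backslash and leading-space variants, while a WHATWG-conformant client (browsers, Node's URL class) resolves those same strings to another host. The hardened check resolves the candidate against the site origin with the same algorithm the browser uses and compares origins. The site origin and all sample inputs are assumed values constructed for the example.

```javascript
// Added example (not TYPO3 code): a weak local-URL filter versus what the
// browser actually navigates to, and an origin-based check that agrees with it.
const SITE_ORIGIN = 'https://example.org'; // assumed site origin for this example

// Hypothetical naive filter: accept anything with no scheme and no "//" prefix.
// This stands in for a weak check; it is NOT TYPO3's sanitizeLocalUrl.
function naiveIsLocal(target) {
  return !/^[a-z][a-z0-9+.-]*:/i.test(target) && !target.startsWith('//');
}

// What a WHATWG-conformant client resolves the target to. Per the URL Standard,
// leading/trailing spaces are stripped and "\" equals "/" in http(s) URLs, so
// "/\evil.com" and " //evil.com" both become an authority of evil.com.
function browserResolves(target, base = SITE_ORIGIN) {
  return new URL(target, base).href;
}

// Hardened check: parse with the browser's algorithm, then require the resolved
// origin to equal the site's origin. Returns the normalised absolute URL, or
// null when the redirect would leave the site (or the input is unparsable).
function localRedirectTarget(target, base = SITE_ORIGIN) {
  let resolved;
  try {
    resolved = new URL(target, base);
  } catch {
    return null; // reject rather than "fix up" garbage input
  }
  if (resolved.origin !== new URL(base).origin) return null;
  return resolved.href;
}

// Constructed inputs covering the backslash and unencoded-space classes.
const SAMPLES = [
  '/typo3/index.php?id=1', // genuinely local
  '/\\evil.com/login',     // backslash after a single slash
  '\\\\evil.com',          // two backslashes, i.e. "\\evil.com"
  ' //evil.com',           // leading unencoded space before "//"
  '//evil.com',            // classic protocol-relative
  'https://evil.com/',     // absolute external
];

// Side-by-side verdicts for each sample.
function report() {
  return SAMPLES.map((t) => ({
    input: t,
    naiveAccepts: naiveIsLocal(t),
    browserGoesTo: browserResolves(t),
    hardened: localRedirectTarget(t),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(report());
}
```

The key point is that the naive filter and the browser disagree on three of the six inputs; any check that does not use the same parsing rules as the client will have such gaps. Comparing the resolved origin against the site's origin removes the disagreement because both sides now run the same algorithm.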

Remediation

Users are advised to update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS, all of which address this vulnerability.

Added: Jun 9, 2026, 11:35 AM
Updated: Jun 9, 2026, 11:35 AM

Vulnerability Rating

Custom Algorithm

spread          6.4
impact          0.2
exploitability  7.4
remediation     7.7
relevance       9.3
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.