TYPO3 Open Redirection in Login Handling

medium Web App Scanning Plugin ID 113391

Language:

Synopsis

Description

TYPO3 CMS v6.2.0-6.2.56, 7.0.0-7.6.50, 8.0.0-8.7.39, 9.0.0-9.5.24, 10.0.0-10.4.13, 11.0.0-11.1.0 are susceptible to open redirects in login handling due to improper validation of the HTTP Host header.

Solution

Upgrade to TYPO3 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 or later.

Plugin Details

Severity: Medium

ID: 113391

Type: remote

Family: Component Vulnerability

Published: 10/28/2022

Updated: 10/28/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2021-21338

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: CVE-2021-21338

Reference Information

CVE: CVE-2021-21338

CWE: 601

OWASP: 2010-A10, 2013-A10, 2013-A9, 2017-A9, 2021-A1, 2021-A6

WASC: URL Redirector Abuse

DISA STIG: APSC-DV-002560, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-CM-6b, sp800_53-SI-10

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.1.5

PCI-DSS: 3.2-6.2, 3.2-6.5.8

Detections

Analytics

TYPO3 Open Redirection in Login Handling

medium Web App Scanning Plugin ID 113391

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Reference Information