Project

General

Profile

Actions

Bug #91396

closed

Story #91384: Backend login and referrer problems after recent TYPO3 9.5.17 and 10.4.2 security fixes

Allow SSO authentication handlers to pass SSRF referrer checks

Added by Oliver Hader almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
Start date:
2020-05-14
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Scenario

Observation

  • request is actually correct
  • referrer is send - but with something "external" from /typo3/ (that the subject we want and must protect from being called directly)

Variations

  • cross-site
    • Referer: https://sso.example.org/auth
    • expected Referer: https://example.org/typo3/.+
  • same-site
    • Referer: https://example.org/?eID=auth
    • expected Referer: https://example.org/typo3/.+
  • same-origin (the regular case)
    • Referer: https://example.org/typo3/index.php?route=%2Flogin
    • expected Referer: https://example.org/typo3/.+

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #91414: After update from 9.5.16 to 9.5.17 I get an error 'Missing referrer for /main' in /typo3Closed2020-05-15

Actions
Actions #1

Updated by Oliver Hader almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by Oliver Hader almost 4 years ago

  • Status changed from New to Accepted
  • Target version set to 9.5.18 & 10.4.3
Actions #3

Updated by Richard Haeser almost 4 years ago

We have exactly this scenario with the OpenID extension: friendsoftypo3/openid

Actions #4

Updated by Gerrit Code Review almost 4 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64492

Actions #5

Updated by Gerrit Code Review almost 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64492

Actions #6

Updated by David Rellstab almost 4 years ago

Tested and verified the patch with our sso setup on TYPO3 9.5.17.

Patch resolves the issue for our use case.

Actions #7

Updated by Gerrit Code Review almost 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64492

Actions #8

Updated by Richard Haeser almost 4 years ago

  • Has duplicate Bug #91414: After update from 9.5.16 to 9.5.17 I get an error 'Missing referrer for /main' in /typo3 added
Actions #9

Updated by Richard Haeser almost 4 years ago

  • Has duplicate Bug #91415: After Update from 9.5.14 to 9.5.17 - backend and installer login are not working added
Actions #10

Updated by Richard Haeser almost 4 years ago

  • Has duplicate deleted (Bug #91415: After Update from 9.5.14 to 9.5.17 - backend and installer login are not working)
Actions #11

Updated by Gerrit Code Review almost 4 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64499

Actions #12

Updated by Gerrit Code Review almost 4 years ago

Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64499

Actions #13

Updated by Gerrit Code Review almost 4 years ago

Patch set 3 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64499

Actions #14

Updated by Gerrit Code Review almost 4 years ago

Patch set 4 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64499

Actions #15

Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #16

Updated by Gerrit Code Review almost 4 years ago

  • Status changed from Resolved to Under Review

Patch set 5 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64499

Actions #17

Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved
Actions #18

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF