Project

General

Profile

Actions

Bug #91396

closed

Story #91384: Backend login and referrer problems after recent TYPO3 9.5.17 and 10.4.2 security fixes

Allow SSO authentication handlers to pass SSRF referrer checks

Added by Oliver Hader almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
Start date:
2020-05-14
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Scenario

Observation

  • request is actually correct
  • referrer is send - but with something "external" from /typo3/ (that the subject we want and must protect from being called directly)

Variations

  • cross-site
    • Referer: https://sso.example.org/auth
    • expected Referer: https://example.org/typo3/.+
  • same-site
    • Referer: https://example.org/?eID=auth
    • expected Referer: https://example.org/typo3/.+
  • same-origin (the regular case)
    • Referer: https://example.org/typo3/index.php?route=%2Flogin
    • expected Referer: https://example.org/typo3/.+

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #91414: After update from 9.5.16 to 9.5.17 I get an error 'Missing referrer for /main' in /typo3Closed2020-05-15

Actions
Actions

Also available in: Atom PDF