- Release Date: May 07, 2019
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Vulnerability Type: Open Redirect
- Affected Versions: 3.0.0 and below
- Severity: Medium
- Suggested CVSS v3.0: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C
- CVE: not assigned yet

The extension fails to validate user input for the parameter “redirect_url”, which allows a redirect to an arbitrary URL after a successful user login.
An updated version 3.0.1 is available from the TYPO3 extension manager and at https://extensions.typo3.org/extension/download/hairu/3.0.1/zip/
Users of the extension are advised to update the extension as soon as possible.
Credits go to Helmut Hummel, who discovered and reported the vulnerability.
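
The following is an added example, not code from the extension or its 3.0.1 fix: one way to validate a post-login “redirect_url” value so that only local paths and URLs on the site's own hosts are accepted. The function name `safeRedirectTarget`, the `$allowedHosts` list and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; the function name and $allowedHosts are hypothetical.
function safeRedirectTarget(string $candidate, array $allowedHosts, string $fallback = '/'): string
{
    $candidate = trim($candidate);
    // Control characters and backslashes are rejected: browsers may drop
    // the former and treat "\" as "/", turning "/\host" into "//host".
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) === 1) {
        return $fallback;
    }
    // A local path has exactly one leading slash; "//host" is protocol-relative.
    if ($candidate[0] === '/') {
        return strncmp($candidate, '//', 2) === 0 ? $fallback : $candidate;
    }
    // Anything else must be an absolute http(s) URL on an allowed host.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Userinfo ("https://site@other/") hides the real host from a casual reader.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $candidate : $fallback;
}

// Constructed sample values for redirect_url; example.org stands in for the site.
$samples = [
    '/members/profile',
    'https://example.org/members',
    'https://other.example/login',
    '//other.example/login',
    'https://example.org@other.example/',
    'javascript:void(0)',
];
foreach ($samples as $value) {
    printf("%-40s => %s\n", $value, safeRedirectTarget($value, ['example.org']));
}
```

Inside TYPO3, the core helper `GeneralUtility::sanitizeLocalUrl()` performs a comparable local-URL check.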