Commit 1b28fec3 authored by Oliver Hader, committed by Oliver Hader

[SECURITY] Mitigate bypassing CSRF token via XSS

Cross-site scripting in a same-site/same-origin context most probably
allows bypassing tokens that usually protect against cross-site
request forgery - basically that is obvious when focusing on
"cross-site" and "same-site" terminology.

To mitigate these scenarios, same-site requests from outside the `/typo3/`
URI path - which is used to access the backend user interface - now
have to provide an HTTP `Referer` header, which is enforced for global
routes potentially containing CSRF tokens.

In general all routes that switch their state internally from
`public` to `restricted` are relevant in this scenario. If really
necessary, the behavior can be disabled using corresponding feature
switch `security.backend.enforceReferrer` in TYPO3_CONF_VARS.

Resolves: #90681
Releases: master, 9.5
Change-Id: Id410fa73f1029cb131356e44b64637a5f12381e5
Security-Bulletin: TYPO3-CORE-SA-2020-006
Security-References: CVE-2020-11069
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64470
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
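The check described in the commit message, as an added illustration that is not TYPO3's own code: a request to a route that switches from `public` to `restricted` is only accepted when it carries a same-origin `Referer` pointing into the `/typo3/` backend path, and the feature switch `security.backend.enforceReferrer` can turn the enforcement off. The route names, the request dictionary shape and the sample requests are constructed for this example.

```python
from urllib.parse import urlsplit, parse_qs

BACKEND_PREFIX = "/typo3/"

# Hypothetical route identifiers that start as `public` and switch to
# `restricted` internally, so a CSRF token may end up in their response.
GLOBAL_ROUTES = {"ajax_login", "main_dispatch", "wizard_open"}

# Constructed stand-in for TYPO3_CONF_VARS['SYS']['features']
# ['security.backend.enforceReferrer'] (name taken from the commit message).
FEATURES = {"security.backend.enforceReferrer": True}


def route_of(request):
    """Extract the `route` query parameter of a backend entry-point request."""
    return parse_qs(request["query"]).get("route", [None])[0]


def check_referrer(request, features=FEATURES):
    """Return (allowed, reason) for one request dict with keys
    scheme, host, path, query and headers (header names case-sensitive here)."""
    if not features.get("security.backend.enforceReferrer", True):
        return True, "enforcement disabled by feature switch"
    if route_of(request) not in GLOBAL_ROUTES:
        return True, "route not subject to referrer enforcement"
    referer = request["headers"].get("Referer")
    if not referer:
        return False, "missing Referer header"
    parts = urlsplit(referer)
    # Same-origin means scheme and host:port must match the request itself.
    if parts.scheme != request["scheme"] or parts.netloc != request["host"]:
        return False, "Referer is not same-origin"
    # The request must originate from the backend UI path, not from
    # arbitrary same-site frontend pages (where injected script could run).
    if not parts.path.startswith(BACKEND_PREFIX):
        return False, "Referer originates outside " + BACKEND_PREFIX
    return True, "accepted"


def make_request(referer, route="main_dispatch"):
    """Build a constructed sample request aimed at the backend entry point."""
    headers = {} if referer is None else {"Referer": referer}
    return {
        "scheme": "https",
        "host": "cms.example.test",
        "path": "/typo3/index.php",
        "query": "route=" + route,
        "headers": headers,
    }


def run_samples():
    """Evaluate a few constructed requests; returns {label: allowed}."""
    samples = {
        "from_backend": make_request("https://cms.example.test/typo3/module/page"),
        "from_frontend_page": make_request("https://cms.example.test/news/article-1"),
        "no_referer": make_request(None),
        "other_host": make_request("https://cms.example.test.evil/typo3/"),
        "scheme_downgrade": make_request("http://cms.example.test/typo3/"),
        "non_global_route": make_request(None, route="help_about"),
    }
    return {label: check_referrer(req)[0] for label, req in samples.items()}


if __name__ == "__main__":
    for label, allowed in run_samples().items():
        print(f"{label:20s} -> {'allow' if allowed else 'deny'}")
```

Only the first and last sample pass: a request without a `Referer`, or with one that points to a frontend page on the same site, is rejected for routes in the global set, while routes outside that set are untouched. Disabling the feature switch (`FEATURES["security.backend.enforceReferrer"] = False`) lets every sample through, which mirrors the escape hatch the commit message mentions.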
parent e4fb92a8
Showing 354 additions and 6 deletions