Moderate severity · NVD Advisory · Published May 13, 2020 · Updated Aug 4, 2024

CVE-2020-12699

Description

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Open redirect vulnerability in TYPO3 Direct Mail extension through 5.2.3 allows attackers to redirect users to arbitrary URLs via a crafted jumpUrl parameter.

Description

The Direct Mail extension for TYPO3 (ext:direct_mail) through version 5.2.3 contains an open redirect vulnerability (CVE-2020-12699) due to improper handling of the “jumpUrl” functionality. This flaw allows an attacker to craft a link that, when clicked by a user, redirects them to an arbitrary external URL. The open redirect is part of a set of vulnerabilities discovered in the extension, as detailed in the TYPO3 security advisory [3].

Exploitation

Exploitation requires no authentication; an attacker can embed a malicious jumpUrl link in a newsletter or other communication sent via the extension. The victim only needs to click the link for the redirection to occur. Because the extension is typically used for mass mailings, a single malicious link can reach many recipients, widening the attack surface [2].

Impact

Successful exploitation enables an attacker to redirect users to phishing sites, malware downloads, or other malicious destinations, potentially leading to credential theft or further compromise. The open redirect can also be used to bypass security controls that rely on domain validation [3].

Mitigation

The vulnerability is fixed in version 5.2.4 of the Direct Mail extension. Users are strongly advised to update immediately via the TYPO3 extension manager or by downloading the update from the TYPO3 Extension Repository [3]. No workarounds are available.
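To make the defect concrete, here is an illustrative redirect-target check added to this page; it is not code from the direct_mail extension or from TYPO3. It contrasts the weak pattern (using the jumpUrl value as the redirect destination unchanged) with a hardened version that resolves the value against the site origin and only accepts http(s) targets on an allowlisted host. ALLOWED_HOSTS, SITE_ORIGIN and the function names are constructed for the example.

```python
from urllib.parse import urlsplit, urljoin

# Constructed example values: the sending site and the hosts a newsletter link may jump to.
SITE_ORIGIN = "https://newsletter.example.org/"
ALLOWED_HOSTS = {"newsletter.example.org", "www.example.org"}


def weak_redirect_target(jump_url: str) -> str:
    """Weak pattern: whatever arrives in jumpUrl becomes the Location header.
    Any external URL (or a protocol-relative //host/path) is followed as-is."""
    return jump_url


def safe_redirect_target(jump_url: str, fallback: str = SITE_ORIGIN) -> str:
    """Hardened pattern: only same-site or allowlisted http(s) targets are followed;
    anything else falls back to the site origin."""
    # CR/LF would let the value split the response header; reject it outright.
    if not jump_url or "\r" in jump_url or "\n" in jump_url:
        return fallback
    # Resolve relative paths ("/unsubscribe") against the site origin. Absolute and
    # protocol-relative values keep their own host, which is what we check next.
    resolved = urljoin(SITE_ORIGIN, jump_url)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return fallback  # blocks javascript:, data:, and scheme-less oddities
    host = parts.hostname  # strips userinfo and port, so "host@evil" is seen as "evil"
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return fallback
    return resolved
```

Relative paths stay on-site, while protocol-relative, foreign-host and userinfo-prefixed values all collapse to the fallback.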

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: directmailteam/direct-mail (Packagist)
Affected versions: < 5.2.4
Patched versions: 5.2.4

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.