History: Dec 14, 2022 - 9:15 p.m.

CVE-2022-47409

2022-12-14 21:15:14
mitre
web.nvd.nist.gov
cve-2022-47409
fp_newsletter
newsletter subscriber management
typo3
attack
unsubscribe
security vulnerability
nvd

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 32.0%

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.

Affected configurations

Nvd

Node (entries combined with OR):

| Vendor | Product | Version | Target software |
|---|---|---|---|
| fp_newsletter_project | fp_newsletter | Range: <1.1.1 | typo3 |
| fp_newsletter_project | fp_newsletter | Range: 2.0.0 to 2.1.2 | typo3 |
| fp_newsletter_project | fp_newsletter | Range: 2.2.1 to 2.4.0 | typo3 |
| fp_newsletter_project | fp_newsletter | Range: 3.0.0 to 3.2.6 | typo3 |
| fp_newsletter_project | fp_newsletter | Match: 1.2.0 | typo3 |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| fp_newsletter_project | fp_newsletter | * | cpe:2.3:a:fp_newsletter_project:fp_newsletter:*:*:*:*:*:typo3:*:* |
| fp_newsletter_project | fp_newsletter | 1.2.0 | cpe:2.3:a:fp_newsletter_project:fp_newsletter:1.2.0:*:*:*:*:typo3:*:* |
