Lucene search

[email protected]CVE-2022-47410

HistoryDec 14, 2022 - 9:15 p.m.

CVE-2022-47410

2022-12-1421:15:14

[email protected]

web.nvd.nist.gov

typo3

fp_newsletter

extension

cve-2022-47410

security

vulnerability

unauthorized access

subscriber data

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Affected configurations

NVD

Node

fp_newsletter_projectfp_newsletterRange<1.1.1typo3

fp_newsletter_projectfp_newsletterRange2.0.0–2.1.2typo3

fp_newsletter_projectfp_newsletterRange2.2.1–2.4.0typo3

fp_newsletter_projectfp_newsletterRange3.0.0–3.2.6typo3

fp_newsletter_projectfp_newsletterMatch1.2.0typo3

CPENameOperatorVersion
fp_newsletter_project:fp_newsletterfp newsletter project fp newsletterlt1.1.1
fp_newsletter_project:fp_newsletterfp newsletter project fp newsletterlt2.1.2
fp_newsletter_project:fp_newsletterfp newsletter project fp newsletterle2.4.0
fp_newsletter_project:fp_newsletterfp newsletter project fp newsletterlt3.2.6
fp_newsletter_project:fp_newsletterfp newsletter project fp newslettereq1.2.0

CPE	Name	Operator	Version
fp_newsletter_project:fp_newsletter	fp newsletter project fp newsletter	lt	1.1.1
fp_newsletter_project:fp_newsletter	fp newsletter project fp newsletter	lt	2.1.2
fp_newsletter_project:fp_newsletter	fp newsletter project fp newsletter	le	2.4.0
fp_newsletter_project:fp_newsletter	fp newsletter project fp newsletter	lt	3.2.6
fp_newsletter_project:fp_newsletter	fp newsletter project fp newsletter	eq	1.2.0

References

typo3.org/security/advisory/typo3-ext-sa-2022-017

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Related for CVE-2022-47410

nvd1 osv1 cvelist1 prion1