CVE-2022-47410

Published: Dec 14, 2022Modified: Apr 21, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

Affected (5)

Products: Fp Newsletter Project: Fp Newsletter

Fp Newsletter Project

1 product

Fp Newsletter

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fp Newsletter Project Fp Newsletter	Before 1.1.1
Fp Newsletter Project Fp Newsletter	From 2.0.0 to 2.1.2
Fp Newsletter Project Fp Newsletter	From 2.2.1 to 2.4.0
Fp Newsletter Project Fp Newsletter	From 3.0.0 to 3.2.6
Fp Newsletter Project Fp Newsletter	Version 1.2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://typo3.org/security/advisory/typo3-ext-sa-2022-017

Source: cve@mitre.org

PatchVendor Advisory

https://typo3.org/security/advisory/typo3-ext-sa-2022-017

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.