CVE-2022-47410 – fixpunkt/fp-newsletter
Package
Manager: composer
Name: fixpunkt/fp-newsletter
Vulnerable Version: >=0 <1.1.1 || >=1.2.0 <2.1.2 || >=3.0.0 <3.2.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00339 (percentile: 0.55954)
Details
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.
Metadata
Created: 2022-12-14T21:30:16Z
Modified: 2025-04-21T22:51:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vxmc-qg5x-pvfx/GHSA-vxmc-qg5x-pvfx.json
CWE IDs: ["CWE-200", "CWE-668"]
Alternative ID: GHSA-vxmc-qg5x-pvfx
Finding: F039
Auto approve: 1