CVE-2022-47411 – fixpunkt/fp-newsletter
Package
Manager: composer
Name: fixpunkt/fp-newsletter
Vulnerable Version: >=0 <1.1.1 || >=1.2.0 <2.1.2 || >=3.0.0 <3.2.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00339 (percentile 0.55954)
Details
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.
Metadata
Created: 2022-12-14T21:30:16Z
Modified: 2025-04-21T22:51:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-r44w-pfx8-28jv/GHSA-r44w-pfx8-28jv.json
CWE IDs: ["CWE-200", "CWE-668"]
Alternative ID: GHSA-r44w-pfx8-28jv
Finding: F039
Auto approve: 1