Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-24401
HistoryNov 09, 2020 - 1:15 a.m.

CVE-2020-24401

2020-11-0901:15:12
CWE-863
[email protected]
web.nvd.nist.gov
9
magento
vulnerability
unauthorized access
version 2.4.0
version 2.3.5p1
incorrect authorization

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

38.3%

JSON

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user’s account.

Affected configurations

Nvd
Node
magentomagentoRange<2.3.5commerce
OR
magentomagentoRange<2.3.5open_source
OR
magentomagentoMatch2.3.5-commerce
OR
magentomagentoMatch2.3.5-open_source
OR
magentomagentoMatch2.3.5p1commerce
OR
magentomagentoMatch2.3.5p1open_source
OR
magentomagentoMatch2.4.0commerce
OR
magentomagentoMatch2.4.0open_source
VendorProductVersionCPE
magentomagento*cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
magentomagento*cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
magentomagento2.3.5cpe:2.3:a:magento:magento:2.3.5:-:*:*:commerce:*:*:*
magentomagento2.3.5cpe:2.3:a:magento:magento:2.3.5:-:*:*:open_source:*:*:*
magentomagento2.3.5cpe:2.3:a:magento:magento:2.3.5:p1:*:*:commerce:*:*:*
magentomagento2.3.5cpe:2.3:a:magento:magento:2.3.5:p1:*:*:open_source:*:*:*
magentomagento2.4.0cpe:2.3:a:magento:magento:2.4.0:*:*:*:commerce:*:*:*
magentomagento2.4.0cpe:2.3:a:magento:magento:2.4.0:*:*:*:open_source:*:*:*

Related

osv 3
prion 1
cvelist 1
cve 1
github 1
threatpost 1
openvas 1
adobe 1
osv
osv
BIT-magento-2020-24401
2024-03-06 11:08:28
CVE-2020-24401
2020-11-09 01:15:12
Magento 2 Community Edition Incorrect Authorization
2022-05-24 17:33:55
prion
prion
Authorization
2020-11-09 01:15:00
cvelist
cvelist
CVE-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user
2020-11-09 00:39:29
cve
cve
CVE-2020-24401
2020-11-09 01:15:12
github
github
Magento 2 Community Edition Incorrect Authorization
2022-05-24 17:33:55
threatpost
threatpost
Critical Magento Holes Open Online Shops to Code Execution
2020-10-15 20:59:30
openvas
openvas
Magento < 2.3.6, 2.4.x < 2.4.1 Multiple Vulnerabilities (APSB20-59)
2020-10-23 00:00:00
adobe
adobe
APSB20-59 Security updates available for Magento
2020-10-15 00:00:00

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

38.3%

JSON
Related for NVD:CVE-2020-24401
osv3prion1cvelist1cve1github1threatpost1openvas1adobe1