2 matches found
CVE-2020-24403 Incorrect permissions could lead to unauthorized modification of inventory source data via REST API
Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...
PT-2020-4511 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to incorrect authorization, allowing a user to access resources provisioned under their old role even after an administrator removes the role or disables the...