2 matches found
CVE-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account...
CVE-2020-24401
CVE-2020-24401 — Magento : Affected are Magento versions 2.4.0 and 2.3.5p1 (and earlier). Root cause: incorrect authorization that lets a user continue to access resources provisioned under their old role after an administrator removes the role or disables the account. Impact: accounts may retain...