2 matches found
CVE-2020-24402 Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API
Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...
CVE-2020-24402
Magento 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. The issue allows authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. This is rooted in impro...