4 matches found
PT-2021-2300 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to the lack of automatic termination of all sessions after a password change, which could allow a...
CVE-2020-24403 Incorrect permissions could lead to unauthorized modification of inventory source data via REST API
Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 and earlier are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable...
PT-2020-4511 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to incorrect authorization, allowing a user to access resources provisioned under their old role even after an administrator removes the role or disables the...