3 matches found
CVE-2020-24401
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account...
CVE-2020-24407
CVE-2020-24407 affects Magento Open Source 2.4.x and 2.3.5p1 and earlier, with an unsafe file upload that enables arbitrary code execution when performed by authenticated admins with access to System/Data and Transfer/Import components. The issue is documented across multiple feeds (including OSV...
PT-2020-4582 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier
Description: The issue is related to incorrect permissions within the Integrations component, which could be exploited by users with permissions to the Pages resource to delete cms pages via the...