magento/community-edition is vulnerable to authorization bypass. The vulnerability exists as a user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information.