CVE-2020-24401
packagist/magento/community-edition
Incorrect Authorization
Magento A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
All versions before 2.3.6, version 2.4.0
Upgrade to versions 2.3.6, 2.4.1 or above.
2020-11-15
source |