CVE-2020-24401

Incorrect Authorization in packagist/magento/community-edition

Identifier

CVE-2020-24401

Package Slug

packagist/magento/community-edition

Vulnerability

Incorrect Authorization

Description

In Magento, a user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.

Affected Versions

All versions before 2.3.6, version 2.4.0

Solution

Upgrade to versions 2.3.6, 2.4.1 or above.

Last Modified

2020-11-15
