CVE-2020-24402

Improper Authorization in packagist/magento/community-edition

Identifier

CVE-2020-24402

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Authorization

Description

Magento This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.

Affected Versions

All versions before 2.3.6, version 2.4.0

Solution

Upgrade to versions 2.3.6, 2.4.1 or above.

Last Modified

2020-11-15

source