CVE-2020-24403

Improper Authorization in packagist/magento/community-edition

Identifier

CVE-2020-24403

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Authorization

Description

Magento This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

Affected Versions

All versions before 2.3.6, version 2.4.0

Solution

Upgrade to versions 2.3.6, 2.4.1 or above.

Last Modified

2020-11-15

source