CVE-2020-24404

Improper Authorization in packagist/magento/community-edition

Identifier

CVE-2020-24404

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Authorization

Description

Magento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.

Affected Versions

All versions before 2.3.6, version 2.4.0

Solution

Upgrade to versions 2.3.6, 2.4.1 or above.

Last Modified

2020-11-15

source