CVE-2021-21020

Improper Access Control in packagist/magento/community-edition

Identifiers

CVE-2021-21020

Package Slug

packagist/magento/community-edition

Vulnerability

Improper Access Control

Description

Magento is vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18

source