CVE-2021-28567
packagist/magento/community-edition
Incorrect Authorization
Magento is vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.
All versions up to 2.4.2
Unfortunately, there is no solution at the moment.
2021-09-16
source |