CVE-2020-24401

Summary

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.

Affected Software

VendorProductVersion RangeStatus
AdobeMagento Commerceunspecified <= 2.4.0affected
AdobeMagento Commerceunspecified <= 2.3.5p1affected
AdobeMagento Commerceunspecified <= Noneaffected

Weaknesses

  • CWE-863: Incorrect Authorization (CWE-863)

ADP Enrichment

CVE Program Container

Additional References

References