CVE-2020-24403

Summary

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

Affected Software

VendorProductVersion RangeStatus
AdobeMagento Commerceunspecified <= 2.4.0affected
AdobeMagento Commerceunspecified <= 2.3.5p1affected
AdobeMagento Commerceunspecified <= Noneaffected

Weaknesses

  • CWE-285: Improper Authorization (CWE-285)

ADP Enrichment

CVE Program Container

Additional References

References