Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Incorrect Authorization Vulnerability - CVE-2020-24401 - Vulnerability Database
Magento

Magento Incorrect Authorization Vulnerability - CVE-2020-24401

Medium
Reference: CVE-2020-24401
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-24401
Title: Magento Incorrect Authorization Vulnerability
Overview:

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user39s account.