CVE-2020-24405

Published: Nov 9, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.

Affected (8)

Products: Magento: Magento

Magento

1 product

Magento

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Magento Magento	Before 2.3.5
Magento Magento	Before 2.3.5
Magento Magento	Version 2.3.5
Magento Magento	Version 2.3.5
Magento Magento	Version 2.3.5 p1
Magento Magento	Version 2.3.5 p1
Magento Magento	Version 2.4.0
Magento Magento	Version 2.4.0

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://helpx.adobe.com/security/products/magento/apsb20-59.html

Source: psirt@adobe.com

Vendor Advisory

https://helpx.adobe.com/security/products/magento/apsb20-59.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.