VYPR
Low severityNVD Advisory· Published Nov 9, 2020· Updated Sep 16, 2024

Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API

CVE-2020-24404

Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
magento/community-editionPackagist
< 2.3.62.3.6
magento/community-editionPackagist
>= 2.4.0, < 2.4.12.4.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.