CVE-2020-24402 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || =2.4.0 || >=2.4.0 <2.4.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00191 (percentile 0.41174)
Details
Magento incorrect permissions vulnerability in the Integrations component
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.
Metadata
Created: 2022-05-24T17:33:55Z
Modified: 2025-02-10T20:36:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvf5-4jr9-fghh/GHSA-hvf5-4jr9-fghh.json
CWE IDs: ["CWE-276", "CWE-285"]
Alternative ID: GHSA-hvf5-4jr9-fghh
Finding: F039
Auto approve: 1