CVE-2020-24403 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || =2.4.0 || >=2.4.0 <2.4.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00273 (percentile 0.50455)
Details
Magento incorrect user permissions vulnerability within the Inventory component

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
Metadata
Created: 2022-05-24T17:33:55Z
Modified: 2025-02-10T20:37:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-39rw-4m66-82gf/GHSA-39rw-4m66-82gf.json
CWE IDs: ["CWE-285"]
Alternative ID: GHSA-39rw-4m66-82gf
Finding: F039
Auto approve: 1