CVE-2020-24404 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || =2.4.0 || >=2.4.0 <2.4.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00275 (percentile: 0.50594)
Details
Magento 2 Community Edition vulnerable to Improper Authorization
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete CMS pages via the REST API without authorization.
Metadata
Created: 2022-05-24T17:33:55Z
Modified: 2023-07-20T14:42:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rwf7-652f-76mv/GHSA-rwf7-652f-76mv.json
CWE IDs: ["CWE-285"]
Alternative ID: GHSA-rwf7-652f-76mv
Finding: F039
Auto approve: 1