CVE-2020-24405 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || >=2.4.0 <2.4.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00124 pctl0.32328

Details

Magento incorrect permissions vulnerability in the Inventory module Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.

Metadata

Created: 2022-05-24T17:33:56Z
Modified: 2024-01-11T17:38:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p7m7-j8jv-393q/GHSA-p7m7-j8jv-393q.json
CWE IDs: ["CWE-285"]
Alternative ID: GHSA-p7m7-j8jv-393q
Finding: F039
Auto approve: 1