CVE-2021-21020 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || >=2.4.0 <2.4.1-p1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0019 (percentile: 0.41067)
Details
Magento Improper Access Control
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.
Metadata
Created: 2022-05-24T17:41:55Z
Modified: 2025-02-10T20:43:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2j6v-829g-885q/GHSA-2j6v-829g-885q.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-2j6v-829g-885q
Finding: F039
Auto approve: 1