CVE-2020-24403

LOW2.7EPSS 0.19%

Incorrect permissions could lead to unauthorized modification of inventory source data via REST API

發布日:2022/5/24修改日:2025/5/20

描述

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

受影響套件(3)

Bitnami/magentofrom 0, < 2.3.5, >= 2.4.0, < 2.4.1
Packagist/magento/community-editionfrom 0, < 2.3.6
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-24403
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb20-59.html