Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento |
||
magento magento 2.3.5 |
||
magento magento 2.4.0 |