Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
magento magento 2.3.5 |
||
magento magento |
||
magento magento 2.4.0 |