CVE-2020-24403 LOW

CVE-2020-24403: Incorrect permissions could lead to unauthorized modification of inventory source data via REST API

Vendor Adobe

Product Magento Commerce

Weakness CWE-285

Published November 9, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

2.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

Key dates

02Disclosure timeline

November 9, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-24403

Related vulnerabilities

Identifiers

CVE CVE-2020-24403

CWE CWE-285

CVSS 2.7 / LOW

Affected versions

Vendor Adobe

Product Magento Commerce

Affected ≥ unspecified and ≤ 2.4.0

Vendor Adobe

Product Magento Commerce

Affected ≥ unspecified and ≤ 2.3.5p1

Vendor Adobe

Product Magento Commerce

Affected ≥ unspecified and ≤ None

CVE-2020-24403: Incorrect permissions could lead to unauthorized modification of inventory source data via REST API

01Description

02Disclosure timeline

03References

04Related CVE