Description
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2019-2975 Vulnerability (CVE-2019-2975)
WordPress Plugin Integration for Contact Form 7 and ActiveCampaign Cross-Site Scripting (1.0.3)
Oracle Database Server Other Vulnerability (CVE-2003-0727)
IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-6129)
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5495)