Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.

Remediation

References

CVE-2020-24405

Related Vulnerabilities

RubyGems Improper Authentication Vulnerability (CVE-2022-36073)

WordPress Plugin Widgets on Pages Cross-Site Scripting (1.6.0)

WordPress Plugin WP-Ban Cross-Site Scripting (1.69)

Squid NULL Pointer Dereference Vulnerability (CVE-2023-46728)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Cross-Site Request Forgery (2.10)

Severity

Medium

Classification

CVE-2020-24405 CWE-285 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities