Description
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
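The failure mode described above, as an added illustration (not Magento's own code): a session that snapshots a user's permissions at login keeps granting access after an administrator removes the role or disables the account, while a check that resolves the current role assignment and account status on every request denies it. All names, roles and resources here are constructed.

```python
"""Stale authorization: cached-at-login check versus per-request check."""
from dataclasses import dataclass, field


class AuthzStore:
    """Constructed stand-in for the admin user/role tables."""

    def __init__(self):
        self.role_resources = {"catalog_admin": {"catalog_products"}}
        self.users = {"alice": {"role": "catalog_admin", "active": True}}

    def remove_role(self, user: str) -> None:
        self.users[user]["role"] = None

    def disable_user(self, user: str) -> None:
        self.users[user]["active"] = False


@dataclass
class Session:
    user: str
    # Vulnerable pattern: permissions copied at login and trusted afterwards.
    cached_resources: set = field(default_factory=set)


def login(store: AuthzStore, user: str) -> Session:
    role = store.users[user]["role"]
    return Session(user, set(store.role_resources.get(role, ())))


def is_allowed_cached(session: Session, resource: str) -> bool:
    """Vulnerable: never re-reads role assignment or account status."""
    return resource in session.cached_resources


def is_allowed_live(store: AuthzStore, session: Session, resource: str) -> bool:
    """Hardened: resolve the user's current role and status on each request."""
    record = store.users.get(session.user)
    if record is None or not record["active"]:
        return False
    return resource in store.role_resources.get(record["role"], ())


def demo(resource: str = "catalog_products"):
    """Returns (cached, live) verdicts before and after each admin action."""
    store, session = AuthzStore(), None
    session = login(store, "alice")
    before = (is_allowed_cached(session, resource), is_allowed_live(store, session, resource))
    store.remove_role("alice")
    after_role_removed = (is_allowed_cached(session, resource), is_allowed_live(store, session, resource))
    store.users["alice"]["role"] = "catalog_admin"  # restore role, then disable the account
    store.disable_user("alice")
    after_disabled = (is_allowed_cached(session, resource), is_allowed_live(store, session, resource))
    return before, after_role_removed, after_disabled
```

The cached check keeps returning True after both administrative actions, which is the behaviour the advisory describes; the live check is the remediation pattern.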
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Drive for WordPress Arbitrary File Deletion (2.2)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)
WebLogic CVE-2018-2625 Vulnerability (CVE-2018-2625)
Ruby Cryptographic Issues Vulnerability (CVE-2011-2686)
Oracle Database Server CVE-2009-1018 Vulnerability (CVE-2009-1018)