Description
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Remediation
References