Description
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Remediation
References