Monday, November 9, 2020
CVE-2020-24401
nist.gov
In: nist.gov
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account. CVE-2020-24401