CVE-2020-24404: Improper Authorization

November 9, 2020 (updated November 12, 2020)

Magento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.

References

helpx.adobe.com/security/products/magento/apsb20-59.html
nvd.nist.gov/vuln/detail/CVE-2020-24404

Code Behaviors & Features

Detect and mitigate CVE-2020-24404 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →