CVE-2020-24404

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24404

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24404.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-24404

Aliases

Published

2020-11-09T01:15:12.707Z

Modified

2026-03-10T23:16:55.490234Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.

References

https://helpx.adobe.com/security/products/magento/apsb20-59.html

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type

GIT

Repo

https://github.com/magento/devdocs

Events

Introduced

Fixed

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Fixed

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Last affected

b69fab3da87a1536e1a583e51c8115e3f843609b

Introduced

Last affected

b69fab3da87a1536e1a583e51c8115e3f843609b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-NA"
        }
    ]
}

Type

GIT

Repo

https://github.com/magento/magento2

Events

Introduced

Last affected

13c18d0b3f2e3fa53b317db5452eaab3d28dbeca

Introduced

Last affected

13c18d0b3f2e3fa53b317db5452eaab3d28dbeca

Introduced

Last affected

6729b6e01368248abc33300208eb292c95050203

Introduced

Last affected

6729b6e01368248abc33300208eb292c95050203

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        }
    ]
}

Affected versions

0.*

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.42.0-beta1

0.42.0-beta10

0.42.0-beta11

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.74.0-beta1

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

1.*

1.0.0-beta

2.*

2.0.0

2.0.0-rc

2.0.0-rc2

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.8

2.0.9

2.1.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.0-RC1.1

2.2.0-RC1.2

2.2.0-RC1.3

2.2.0-RC1.4

2.2.0-RC1.5

2.2.0-RC1.6

2.2.0-RC1.8

2.2.0-rc2.0

2.2.0-rc2.1

2.2.0-rc2.2

2.2.0-rc2.3

2.2.0-rc3.0

2.2.1

2.2.10

2.2.11

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.1

2.3.2

2.3.2-p1

2.3.3

2.3.3-p1

2.3.4

2.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24404.json"