cve/2020/CVE-2020-24403.md

### [CVE-2020-24403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24403)
![](https://img.shields.io/static/v1?label=Product&message=Magento%20Commerce&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.4.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)

### Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-24403
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-24403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24403)`
			`![](https://img.shields.io/static/v1?label=Product&message=Magento%20Commerce&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.4.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization%20(CWE-285)&color=brighgreen)`

			`### Description`

			`Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/Live-Hack-CVE/CVE-2020-24403`