CVE-2024-49373
4.1
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nofusscomputing | centurion_erp | < 1.2.1 | affected |
Weaknesses
- CWE-653: CWE-653: Improper Isolation or Compartmentalization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5
- https://github.com/nofusscomputing/centurion_erp/pull/358
- https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.