CVE-2024-49373

Centurion ERP user can view projects from organizations they're not apart of

CVSS 4.1 MEDIUMEPSS 0.4%CWE-653

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected products

nofusscomputing · centurion_erp

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae https://github.com/nofusscomputing/centurion_erp/pull/358 https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5