CVE-2024-49373

Published: Oct 22, 2024Modified: Oct 30, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.

Affected (1)

Products: Nofusscomputing: Centurion Erp

Nofusscomputing

1 product

Centurion Erp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nofusscomputing Centurion Erp	Before 1.2.1

Related CWEs

CWE-653

Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (3)

https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae

Source: security-advisories@github.com

Patch

https://github.com/nofusscomputing/centurion_erp/pull/358

Source: security-advisories@github.com

Patch

https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.