CVE-2024-49373

Oct. 30, 2024, 9:16 p.m.

4.3
Medium

Description

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.

Product(s) Impacted

Vendor Product Versions
Nofusscomputing
  • Centurion Erp
  • *

Weaknesses

CWE-653
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a nofusscomputing centurion_erp / / / / / / / /

References

https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae
https://github.com/nofusscomputing/centurion_erp/pull/358
https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5

Tags

security-advisories@github.com
NVD-CWE-noinfo
CWE-653
2024-10-22
CVE-2024-49373

CVSS Score

4.3 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Date

  • Published: Oct. 22, 2024, 4:15 p.m.
  • Last Modified: Oct. 30, 2024, 9:16 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.