CVE-2024-49373 Information

Description

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not a part of. Version 1.2.1 fixes the problem.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5
https://github.com/nofusscomputing/centurion_erp/pull/358
https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
