CVE-2024-49373

EPSS 0.37%
Veröffentlicht 22.10.2024 16:15:08
Zuletzt bearbeitet 30.10.2024 21:16:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Centurion ERP user can view projects from organizations they're not apart of

No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nofusscomputing ≫ Centurion Erp Version < 1.2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.285

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	4.1	0.5	3.6	CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-653 Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae

Patch

https://github.com/nofusscomputing/centurion_erp/pull/358

Patch

https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-49373

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49373

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49373

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-49373