{"id":"CVE-2024-49373","summary":"Centurion ERP user can view projects from organizations they're not apart of","details":"No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.","aliases":["GHSA-5qmx-pr2f-qhj5"],"modified":"2026-04-02T12:21:28.757122Z","published":"2024-10-22T15:58:37.360Z","database_specific":{"cwe_ids":["CWE-653"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49373.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49373.json"},{"type":"ADVISORY","url":"https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49373"},{"type":"FIX","url":"https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae"},{"type":"FIX","url":"https://github.com/nofusscomputing/centurion_erp/pull/358"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nofusscomputing/centurion_erp","events":[{"introduced":"0"},{"fixed":"6351acabe5b5e2df6a48120eb438d1f0b4015d13"}]}],"versions":["0.0.1","0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","1.0.0","1.0.0-a1","1.0.0-a2","1.0.0-a3","1.0.0-a4","1.0.0-b1","1.0.0-b10","1.0.0-b11","1.0.0-b12","1.0.0-b13","1.0.0-b14","1.0.0-b2","1.0.0-b3","1.0.0-b4","1.0.0-b5","1.0.0-b6","1.0.0-b7","1.0.0-b8","1.0.0-b9","1.1.0","1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49373.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}