CVE-2024-49373 (GCVE-0-2024-49373)
Vulnerability from cvelistv5
Published
2024-10-22 15:58
Modified
2024-10-22 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Summary
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
nofusscomputing | centurion_erp |
Version: < 1.2.1 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49373", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:09:37.342042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:13:39.706Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "centurion_erp", "vendor": "nofusscomputing", "versions": [ { "status": "affected", "version": "\u003c 1.2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-653", "description": "CWE-653: Improper Isolation or Compartmentalization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T15:58:37.360Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5" }, { "name": "https://github.com/nofusscomputing/centurion_erp/pull/358", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nofusscomputing/centurion_erp/pull/358" }, { "name": "https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae" } ], "source": { "advisory": "GHSA-5qmx-pr2f-qhj5", "discovery": "UNKNOWN" }, "title": "Centurion ERP user can view projects from organizations they\u0027re not apart of" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-49373", "datePublished": "2024-10-22T15:58:37.360Z", "dateReserved": "2024-10-14T13:56:34.811Z", "dateUpdated": "2024-10-22T17:13:39.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-49373\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-10-22T16:15:08.860\",\"lastModified\":\"2024-10-30T21:16:59.213\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.\"},{\"lang\":\"es\",\"value\":\" No Fuss Computing Centurion ERP es un software de planificaci\u00f3n de recursos empresariales (ERP) de c\u00f3digo abierto. Antes de la versi\u00f3n 1.2.1, un usuario autenticado pod\u00eda ver proyectos dentro de organizaciones de las que no formaba parte. La versi\u00f3n 1.2.1 soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-653\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nofusscomputing:centurion_erp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.1\",\"matchCriteriaId\":\"6D4A55D5-C672-4ED6-B9F6-A93AFFE1990C\"}]}]}],\"references\":[{\"url\":\"https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nofusscomputing/centurion_erp/pull/358\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49373\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T17:09:37.342042Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T17:09:42.737Z\"}}], \"cna\": {\"title\": \"Centurion ERP user can view projects from organizations they\u0027re not apart of\", \"source\": {\"advisory\": \"GHSA-5qmx-pr2f-qhj5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.1, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nofusscomputing\", \"product\": \"centurion_erp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5\", \"name\": \"https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nofusscomputing/centurion_erp/pull/358\", \"name\": \"https://github.com/nofusscomputing/centurion_erp/pull/358\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae\", \"name\": \"https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-653\", \"description\": \"CWE-653: Improper Isolation or Compartmentalization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-10-22T15:58:37.360Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-49373\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-22T17:13:39.706Z\", \"dateReserved\": \"2024-10-14T13:56:34.811Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-10-22T15:58:37.360Z\", \"assignerShortName\": \"GitHub_M\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…