CVE-2024-53855
Centurion ERP prior to 1.3.1 allows an authenticated user with certain ticket-view permissions (view_ticket_change, view_ticket_incident, view_ticket_request, view_ticket_problem) to view tickets belonging to other organizations when using the API endpoints for tickets. The UI and Project Tasks a...