3 matches found
CVE-2024-53855
Centurion ERP prior to 1.3.1 allows an authenticated user with certain ticket-view permissions (view_ticket_change, view_ticket_incident, view_ticket_request, view_ticket_problem) to view tickets belonging to other organizations when using the API endpoints for tickets. The UI and Project Tasks a...
CVE-2024-49373
CVE-2024-49373 affects No Fuss Computing Centurion ERP. Prior to version 1.2.1, an authenticated user can view projects within organizations they do not belong to. The issue is fixed in version 1.2.1. Affected: Centurion ERP (No Fuss Computing); Root cause: exposed access to cross-organization pr...
CVE-2025-58156
CVE-2025-58156 (Centurion ERP) affects Centurion ERP versions 1.12.0 to before 1.21.0. An authenticated user could view token details in the database, including the actual token in hashed form (no unhashed tokens were viewable). The issue has been patched in version 1.21.0. A workaround that disa...