Jon-Nfc

#30411 of 53,635
8.6 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2024-35952
4.3
2024-11-27
Unknown · Centurion Erp · CVE-2024-53855
**Name of the Vulnerable Software and Affected Versions** Centurion ERP versions prior to 1.3.1

**Description** A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as `view ticket change`, `view ticket incident`, `view ticket request`, or `view ticket problem`. The issue applies when browsing the API endpoints for the tickets in question and does not affect the Centurion UI or Project Tasks.

**Recommendations** For versions prior to 1.3.1, upgrade to release version 1.3.1 to address the issue. As a temporary workaround, consider removing the ticket view permissions from users to mitigate this vulnerability.
PT-2024-33489
4.3
2024-10-22
No Fuss Computing · Centurion Erp · CVE-2024-49373
**Name of the Vulnerable Software and Affected Versions** No Fuss Computing Centurion ERP versions prior to 1.2.1

**Description** The issue allows an authenticated user to view projects within organizations they are not a part of.

**Recommendations** For versions prior to 1.2.1, update to version 1.2.1 to resolve the issue.