CVE-2019-10138 – novajoin

Package

Manager: pip
Name: novajoin
Vulnerable Version: >=0 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00465 pctl0.6345

Details

Improper Access Control in novajoin A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

Metadata

Created: 2020-03-12T16:54:06Z
Modified: 2024-09-26T14:41:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-xf8c-3cgx-fcwm/GHSA-xf8c-3cgx-fcwm.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-xf8c-3cgx-fcwm
Finding: F039
Auto approve: 1