CVE-2019-10138

Summary

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

Affected Software

VendorProductVersion RangeStatus
Red Hatpython-novajoinall up to, excluding 1.1.1affected

Weaknesses

  • CWE-284: CWE-284

ADP Enrichment

CVE Program Container

Additional References

References