CVE-2019-10138
7.1
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | python-novajoin | all up to, excluding 1.1.1 | affected |
Weaknesses
- CWE-284: CWE-284
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.