CVE-2019-10138

CVE Database · CVE-2019-10138

CVE-2019-10138

· HIGHModified

CVSS v3.1

8.8

EPSS

1.00%

Published

Jul 30, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-284

Affected Products (1)

python · novajoin (up to 1.1.1)vulnerable

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138

Issue TrackingThird Party Advisory

https://review.opendev.org/#/c/631240/

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138

Issue TrackingThird Party Advisory

https://review.opendev.org/#/c/631240/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs