CVE-2019-10138

HIGH

python-novajoin <1.1.1 - Privilege Escalation

Title source: llm

Description

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, affecting all versions before 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138
Third Party Advisory x_refsource_misc
https://review.opendev.org/#/c/631240/

Scores

CVSS v3 8.8
EPSS 0.0044
EPSS Percentile 63.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (2)
pypi/novajoin 0 - 1.1.1 (PyPI)
python/novajoin < 1.1.1
Published Jul 30, 2019
Tracked Since Feb 18, 2026