CVE-2019-10138

HIGH

python-novajoin <1.1.1 - Privilege Escalation

Title source: llm

Description

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, affecting all versions before 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.

Scores

CVSS v3 8.8
EPSS 0.0044
EPSS Percentile 62.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-284
Status published

Affected Products (2)

python/novajoin < 1.1.1
pypi/novajoin < 1.1.1 (PyPI)

Timeline

Published Jul 30, 2019
Tracked Since Feb 18, 2026