CVE-2019-10138 – python-novajoin: novajoin API lacks access control

https://notcve.org/view.php?id=CVE-2019-10138

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. Se detectó un fallo en el plugin python-novajoin, todas las versiones hasta 1.1.1, excluyéndola, para Red Hat OpenStack Platform. La API de novajoin carecía de un control de acceso suficiente, permitiendo a cualquier usuario autenticado pulsaciones de teclas para generar tokens FreeIPA. A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138 https://review.opendev.org/#/c/631240 https://access.redhat.com/security/cve/CVE-2019-10138 https://bugzilla.redhat.com/show_bug.cgi?id=1670573 • CWE-284: Improper Access Control •