CVE-2019-10138
python-novajoin: novajoin API lacks access control
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, affecting all versions before 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.
A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.
This Python package provides a dynamic vendordata plugin for the OpenStack nova metadata service to manage host instantiation in an IPA server. A missing folder issue was addressed.
SSVC
- Decision: -
Timeline
- 2019-03-27 CVE Reserved
- 2019-07-10 CVE Published
- 2024-08-04 CVE Updated
- 2025-06-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138 | Issue Tracking | |
https://review.opendev.org/#/c/631240 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-10138 | 2019-07-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1670573 | 2019-07-10 | |