CVE-2019-10138

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10138

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10138.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10138

Aliases

Downstream

RHBA-2019:0944

RHSA-2019:1728

Published

2019-07-30T17:15:12.390Z

Modified

2026-03-14T09:30:46.860279Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.1.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10138.json"