GHSA-xf8c-3cgx-fcwm

Suggest an improvement
Source
https://github.com/advisories/GHSA-xf8c-3cgx-fcwm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-xf8c-3cgx-fcwm/GHSA-xf8c-3cgx-fcwm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xf8c-3cgx-fcwm
Aliases
Published
2020-03-12T16:54:06Z
Modified
2024-02-16T08:18:16.065461Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Access Control in novajoin
Details

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

References

Affected packages

PyPI / novajoin

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1

Affected versions

1.*

1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.1.0

Database specific

{
    "last_known_affected_version_range": "<= 1.1.0"
}