PYSEC-2019-192

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/novajoin/PYSEC-2019-192.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-192

Aliases

CVE-2019-10138
GHSA-xf8c-3cgx-fcwm

Published

2019-07-30T17:15:00Z

Modified

2023-11-08T04:00:41.571952Z

Summary

[none]

Details

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138
https://review.opendev.org/#/c/631240/
https://github.com/advisories/GHSA-xf8c-3cgx-fcwm

Affected packages

PyPI / novajoin

Package

Name: novajoin; View open source insights on deps.dev
Purl: pkg:pypi/novajoin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1

Affected versions

1.*

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.1.0