CVE-2019-10138 Information

Description

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, affecting all versions up to (excluding) 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138
https://review.opendev.org//c/631240/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
