Insufficient Access Control in python-novajoin Plugin Allows Unauthorized FreeIPA Token Generation

CVE-2019-10138 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform, affecting all versions before 1.1.1. The novajoin API lacked sufficient access control, allowing any Keystone-authenticated user to generate FreeIPA tokens.