Описание
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1 (исключая)
cpe:2.3:a:python:novajoin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.1
redhat
около 7 лет назад
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
EPSS
Процентиль: 63%
0.00442
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other