CVE-2019-10138

Опубликовано: 17 янв. 2019

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 15 (Stein)	python-novajoin	Not affected
Red Hat OpenStack Platform 13.0 (Queens)	python-novajoin	Fixed	RHSA-2019:1728	10.07.2019
Red Hat OpenStack Platform 14.0 (Rocky)	ansible-role-container-registry	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	ansible-role-redhat-subscription	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	ansible-role-tripleo-modify-image	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	ansible-tripleo-ipsec	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	openstack-barbican	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	openstack-designate	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	openstack-heat-ui	Fixed	RHBA-2019:0944	30.04.2019
Red Hat OpenStack Platform 14.0 (Rocky)	openstack-kuryr-kubernetes	Fixed	RHBA-2019:0944	30.04.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-284

https://bugzilla.redhat.com/show_bug.cgi?id=1670573python-novajoin: novajoin API lacks access control

EPSS

Процентиль: 63%

0.00442

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2019-10138

CVSS3: 8.8

nvd

больше 6 лет назад

GHSA-xf8c-3cgx-fcwm