{"id":"PYSEC-2019-192","details":"A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.","aliases":["CVE-2019-10138","GHSA-xf8c-3cgx-fcwm"],"modified":"2023-11-08T04:00:41.571952Z","published":"2019-07-30T17:15:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"},{"type":"WEB","url":"https://review.opendev.org/#/c/631240/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xf8c-3cgx-fcwm"}],"affected":[{"package":{"name":"novajoin","ecosystem":"PyPI","purl":"pkg:pypi/novajoin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1"}]}],"versions":["1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.20","1.0.21","1.0.22","1.0.9","1.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/novajoin/PYSEC-2019-192.yaml"}}],"schema_version":"1.7.3"}