Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for python-novajoin by Red Hat

    CVE-2019-10138 (GCVE-0-2019-10138)

    Vulnerability from nvd – Published: 2019-07-30 16:16 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat python-novajoin Affected: all up to, excluding 1.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:10.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://review.opendev.org/#/c/631240/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python-novajoin",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all up to, excluding 1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-30T16:16:51.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://review.opendev.org/#/c/631240/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-10138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "python-novajoin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all up to, excluding 1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
                },
                {
                  "name": "https://review.opendev.org/#/c/631240/",
                  "refsource": "MISC",
                  "url": "https://review.opendev.org/#/c/631240/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-10138",
        "datePublished": "2019-07-30T16:16:51.000Z",
        "dateReserved": "2019-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:10.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10138 (GCVE-0-2019-10138)

    Vulnerability from cvelistv5 – Published: 2019-07-30 16:16 – Updated: 2024-08-04 22:10
    VLAI
    Summary
    A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat python-novajoin Affected: all up to, excluding 1.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:10:10.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://review.opendev.org/#/c/631240/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "python-novajoin",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all up to, excluding 1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-30T16:16:51.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://review.opendev.org/#/c/631240/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2019-10138",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "python-novajoin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all up to, excluding 1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138"
                },
                {
                  "name": "https://review.opendev.org/#/c/631240/",
                  "refsource": "MISC",
                  "url": "https://review.opendev.org/#/c/631240/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-10138",
        "datePublished": "2019-07-30T16:16:51.000Z",
        "dateReserved": "2019-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:10:10.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }