A flaw was found in python-novajoin plugin for Openstack. Lack of proper access control permits generation of tokens from authenticated users for HTTP calls to novajoin API. References: https://bugzilla.redhat.com/show_bug.cgi?id=1665522
Upstream fix: https://review.opendev.org/#/c/631240/
Acknowledgments: Name: Grzegorz Grasza (Red Hat)
External References: https://review.opendev.org/#/c/631240/
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:1728 https://access.redhat.com/errata/RHSA-2019:1728
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10138