A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.Referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138https://review.opendev.org/#/c/631240/
