Insecure Access Controls

2019-05-2703:24:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

40.3%

JSON

novajoin uses insecure access controls. The lack of access controls allows an attacker to generate tokens from authenticated users to gain access to HTTP calls to the API.

CPENameOperatorVersion
novajoinle1.1.0
python-oslo-cacheeq0.7.0__1.el7ost
python-oslo-cacheeq1.14.0__1.1.el7ost
python-oslo-cacheeq1.25.1__1.el7ost
python-oslo-cacheeq1.5.0__1.el7ost
python-oslo-cacheeq1.25.0__1.el7ost
python-oslo-cacheeq1.28.0__1.el7ost
python-oslo-cacheeq1.17.0__1.el7ost
ansible-role-container-registryeq1.0.1__0.20181003162447.ddf8d09.el7ost
ansible-role-container-registryeq1.0.0__1.el7

Name	Operator	Version
novajoin	le	1.1.0
python-oslo-cache	eq	0.7.0__1.el7ost
python-oslo-cache	eq	1.14.0__1.1.el7ost
python-oslo-cache	eq	1.25.1__1.el7ost
python-oslo-cache	eq	1.5.0__1.el7ost
python-oslo-cache	eq	1.25.0__1.el7ost
python-oslo-cache	eq	1.28.0__1.el7ost
python-oslo-cache	eq	1.17.0__1.el7ost
ansible-role-container-registry	eq	1.0.1__0.20181003162447.ddf8d09.el7ost
ansible-role-container-registry	eq	1.0.0__1.el7