0.001 Low
EPSS
Percentile
40.2%
novajoin uses insecure access controls. The lack of access controls allows an attacker to generate tokens from authenticated users to gain access to HTTP calls to the API.
bugzilla.redhat.com/show_bug.cgi?id=1670573
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138
review.opendev.org/#/c/631240/