Lucene search

K
cveRedhatCVE-2021-3426
HistoryMay 20, 2021 - 1:15 p.m.

CVE-2021-3426

2021-05-2013:15:07
CWE-200
CWE-22
redhat
web.nvd.nist.gov
1617
7
cve-2021-3426
python
pydoc
data confidentiality
vulnerability
nvd
security
information disclosure

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

26.2%

There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Affected configurations

Nvd
Vulners
Node
pythonpythonRange<2.7.18
OR
pythonpythonRange3.6.0–3.6.13
OR
pythonpythonRange3.7.0–3.7.10
OR
pythonpythonRange3.8.0–3.8.8
OR
pythonpythonRange3.9.0–3.9.3
OR
pythonpythonMatch3.10.0alpha1
OR
pythonpythonMatch3.10.0alpha2
OR
pythonpythonMatch3.10.0alpha3
OR
pythonpythonMatch3.10.0alpha4
OR
pythonpythonMatch3.10.0alpha5
OR
pythonpythonMatch3.10.0alpha6
Node
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
Node
debiandebian_linuxMatch9.0
Node
redhatsoftware_collectionsMatch-
OR
redhatenterprise_linuxMatch8.0
Node
netappcloud_backupMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsnapcenterMatch-
Node
oraclecommunications_cloud_native_core_binding_support_functionMatch1.10.0
OR
oraclezfs_storage_appliance_kitMatch8.8
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*
pythonpython3.10.0cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Rows per page:
1-10 of 181

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "python",
    "versions": [
      {
        "version": "python 3.8.9, python 3.9.3, python 3.10.0a7",
        "status": "affected"
      }
    ]
  }
]

References

Social References

More

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

26.2%