Lucene search

[email protected]CVE-2023-38898

HistoryAug 15, 2023 - 5:15 p.m.

CVE-2023-38898

2023-08-1517:15:12

[email protected]

web.nvd.nist.gov

python

cpython

v3.7

cve-2023-38898

security vulnerability

asyncio

sensitive information

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.

Affected configurations

NVD

Node

pythonpythonMatch3.13.0alpha0

CPENameOperatorVersion
python:pythonpythoneq3.13.0

CPE	Name	Operator	Version
python:python	python	eq	3.13.0

References

github.com/python/cpython/issues/105987

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-38898

prion1 ubuntucve1 nvd1 redhatcve1 cvelist1 debiancve1 osv6