Lucene search

[email protected]NVD:CVE-2023-38898

HistoryAug 15, 2023 - 5:15 p.m.

CVE-2023-38898

2023-08-1517:15:12

[email protected]

web.nvd.nist.gov

python

cpython

3.7

_asyncio

swap_current_task

sensitive information

attacker

bug

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.

Affected configurations

Nvd

Node

pythonpythonMatch3.13.0alpha0

VendorProductVersionCPE
pythonpython3.13.0cpe:2.3:a:python:python:3.13.0:alpha0:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	python	3.13.0	cpe:2.3:a:python:python:3.13.0:alpha0::::::

References

github.com/python/cpython/issues/105987

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for NVD:CVE-2023-38898

prion1 cve1 redhatcve1 ubuntucve1 cvelist1 debiancve1 osv6