Lucene search

Redhat.comRH:CVE-2023-38898

HistoryAug 22, 2023 - 5:50 p.m.

CVE-2023-38898

2023-08-2217:50:29

redhat.com

access.redhat.com

python

vulnerability

sensitive information

_asyncio._swap_current_task

mitigation

red hat product security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

JSON

A vulnerability was found in Python. This flaw allows an attacker to acquire sensitive information through the _asyncio._swap_current_task component.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=2233280

nvd.nist.gov/vuln/detail/CVE-2023-38898

www.cve.org/CVERecord?id=CVE-2023-38898

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

JSON

Related for RH:CVE-2023-38898