History: Aug 15, 2023 - 12:00 a.m.

CVE-2023-38898

2023-08-15 00:00:00
ubuntu.com
python
cpython
sensitive information
asyncio
swap current task
disputed
vendor
bug
pre-releases

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 35.9%

DISPUTED An issue in Python cpython v.3.7 allows an attacker to
obtain sensitive information via the _asyncio._swap_current_task component.
NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other
release is affected (it is a bug in some 3.12 pre-releases); (2) there are
no common scenarios in which an adversary can call
_asyncio._swap_current_task but does not already have the ability to call
arbitrary functions; and (3) there are no common scenarios in which
sensitive information, which is not already accessible to an adversary,
becomes accessible through this bug.

Notes

Author | Note
litios | This was introduced by commit a474e043 in version v3.12.0b1
mdeslaur | This CVE was disputed, marking as not-affected
