Lucene search

[email protected]CVE-2021-3426

HistoryMay 20, 2021 - 1:15 p.m.

CVE-2021-3426

2021-05-2013:15:07

CWE-200

CWE-22

[email protected]

web.nvd.nist.gov

1596

cve-2021-3426

python

pydoc

data confidentiality

vulnerability

nvd

security

information disclosure

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

2.7 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

26.2%

JSON

There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Affected configurations

Vulners

NVD

Node

pythonpythonRange≤3.8.9

pythonpythonRange≤3.9.3

pythonpythonRange≤3.10.0

VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	python	*	cpe:2.3:a:python:python::::::::
python	python	*	cpe:2.3:a:python:python::::::::
python	python	*	cpe:2.3:a:python:python::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "python",
    "versions": [
      {
        "version": "python 3.8.9, python 3.9.3, python 3.10.0a7",
        "status": "affected"
      }
    ]
  }
]