CVE-2021-3426Sensitive Information Exposure in Python

CWE-200Sensitive Information ExposureCWE-22Path Traversal13 documents8 sources
Severity
5.7MEDIUMNVD
EPSS
0.1%
top 76.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
PythonDebian LinuxFedoraproject Fedora+3 more
Timeline
PublishedMay 20
Latest updateJul 11

Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

NVDpython/python3.6.03.6.13+5
CVEListV5python/pythonpython 3.8.9, python 3.9.3, python 3.10.0a7

Also affects: Debian Linux 9.0, Fedora 32, 33, 34, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-6qp6-q95v-x2qw: There's a flaw in Python 3's pydoc2022-05-24
OSV
python3.7 vulnerability2022-05-23
OSV
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities2022-03-28
OSV
CVE-2021-3426: There's a flaw in Python 3's pydoc2021-05-20
CVEList
CVE-2021-3426: There's a flaw in Python 3's pydoc2021-05-20

📋Vendor Advisories

7
Ubuntu
Python vulnerabilities2024-07-11
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Python) — CVE-2021-34262022-10-15
Ubuntu
Python vulnerability2022-05-23
Ubuntu
Python vulnerabilities2022-03-28
Oracle
Oracle Oracle Communications Risk Matrix: Binding Support Function (Python) — CVE-2021-34262022-01-15
CVE-2021-3426 — Sensitive Information Exposure | cvebase