CVE-2021-3426
python: Information disclosure via pydoc
Severity Score
Exploit Likelihood
Affected Versions
22Public Exploits
0Exploited in Wild
-Decision
Descriptions
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Se presenta un fallo en pydoc de Python versión 3. Un atacante local o adyacente que descubre o es capaz de convencer a otro usuario local o adyacente para que iniciar un servidor pydoc podría acceder al servidor y usarlo para divulgar información confidencial perteneciente al otro usuario al que normalmente no podría acceder. El mayor riesgo de este fallo es la confidencialidad de los datos. Este fallo afecta a Python versiones anteriores a 3.8.9, Python versiones anteriores a 3.9.3 y Python versiones anteriores a 3.10.0a7
A flaw was found in Python 3's pydoc. This flaw allows a local or adjacent attacker who discovers or can convince another local or adjacent user to start a pydoc server to access the server and then use it to disclose sensitive information belonging to the other user that they would not normally have the ability to access. The highest threat from this vulnerability is to data confidentiality.
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. Issues addressed include a bypass vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-09 CVE Reserved
- 2021-05-03 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/0... | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/0... | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210629-... | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1935913 | 2021-11-09 | |
| https://www.oracle.com/security-alerts/cpujan2022.html | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |