CVE-2021-3426
python: Information disclosure via pydoc
Descriptions
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
A flaw was found in Python 3's pydoc. This flaw allows a local or adjacent attacker who discovers or can convince another local or adjacent user to start a pydoc server to access the server and then use it to disclose sensitive information belonging to the other user that they would not normally have the ability to access. The highest threat from this vulnerability is to data confidentiality.
Timeline
- 2021-03-09 CVE Reserved
- 2021-05-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (15)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20210629-0003 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1935913 | 2021-11-09 | |
https://www.oracle.com/security-alerts/cpujan2022.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Python | Python | < 2.7.18 | - | Affected |
Python | Python | >= 3.6.0 < 3.6.13 | - | Affected |
Python | Python | >= 3.7.0 < 3.7.10 | - | Affected |
Python | Python | >= 3.8.0 < 3.8.8 | - | Affected |
Python | Python | >= 3.9.0 < 3.9.3 | - | Affected |
Python | Python | 3.10.0 | alpha1 | Affected |
Python | Python | 3.10.0 | alpha2 | Affected |
Python | Python | 3.10.0 | alpha3 | Affected |
Python | Python | 3.10.0 | alpha4 | Affected |
Python | Python | 3.10.0 | alpha5 | Affected |
Python | Python | 3.10.0 | alpha6 | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Fedoraproject | Fedora | 33 | - | Affected |
Fedoraproject | Fedora | 34 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Redhat | Software Collections | - | - | Affected |
Redhat | Enterprise Linux | 8.0 | - | Affected |
Netapp | Cloud Backup | - | - | Affected |
Netapp | Ontap Select Deploy Administration Utility | - | - | Affected |
Netapp | Snapcenter | - | - | Affected |
Oracle | Communications Cloud Native Core Binding Support Function | 1.10.0 | - | Affected |
Oracle | Zfs Storage Appliance Kit | 8.8 | - | Affected |