Lucene search

[email protected]NVD:CVE-2021-3426

HistoryMay 20, 2021 - 1:15 p.m.

CVE-2021-3426

2021-05-2013:15:07

CWE-200

CWE-22

[email protected]

web.nvd.nist.gov

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.4%

JSON

There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Affected configurations

NVD

Node

pythonpythonRange<2.7.18

pythonpythonRange3.6.0–3.6.13

pythonpythonRange3.7.0–3.7.10

pythonpythonRange3.8.0–3.8.8

pythonpythonRange3.9.0–3.9.3

pythonpythonMatch3.10.0alpha1

pythonpythonMatch3.10.0alpha2

pythonpythonMatch3.10.0alpha3

pythonpythonMatch3.10.0alpha4

pythonpythonMatch3.10.0alpha5

pythonpythonMatch3.10.0alpha6

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch9.0

Node

redhatsoftware_collectionsMatch-

redhatenterprise_linuxMatch8.0

Node

netappcloud_backupMatch-

netappontap_select_deploy_administration_utilityMatch-

netappsnapcenterMatch-

Node

oraclecommunications_cloud_native_core_binding_support_functionMatch1.10.0

oraclezfs_storage_appliance_kitMatch8.8

References

bugzilla.redhat.com/show_bug.cgi?id=1935913

lists.debian.org/debian-lts-announce/2021/04/msg00005.html

lists.debian.org/debian-lts-announce/2023/06/msg00039.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/

security.gentoo.org/glsa/202104-04

security.netapp.com/advisory/ntap-20210629-0003/

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuoct2021.html

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for NVD:CVE-2021-3426