CVE-2021-3426

Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Risk Information

Base Score: 5.7 (MODERATE)
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.08

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-3426 are affected in Python 3.8.7 | Windows
Multiple Vulnerabilities are affected in Python 3.10.0 | Windows
Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-debuginfo-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) python36-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-debuginfo-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) python36-debuginfo-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:1490-1 (SUSE Linux Enterprise Server 12-SP5) python36-debugsource-3.6.13-4.39.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-debuginfo-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) python36-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-debuginfo-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) python36-debuginfo-3.6.15-11.1.x86_64.rpm | Linux
SUSE-SU-2021:3486-1 (SUSE Linux Enterprise Server 12-SP5) python36-debugsource-3.6.15-11.1.x86_64.rpm | Linux
Python3 update (ELSA-2021-9562) python3-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3 update (ELSA-2021-9562) python3-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-debug update (ELSA-2021-9562) python3-debug-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-debug update (ELSA-2021-9562) python3-debug-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-devel update (ELSA-2021-9562) python3-devel-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-devel update (ELSA-2021-9562) python3-devel-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-idle update (ELSA-2021-9562) python3-idle-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-idle update (ELSA-2021-9562) python3-idle-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-libs update (ELSA-2021-9562) python3-libs-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-libs update (ELSA-2021-9562) python3-libs-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-test update (ELSA-2021-9562) python3-test-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-test update (ELSA-2021-9562) python3-test-3.6.8-18.0.5.el7.x86_64.rpm | Linux
Python3-tkinter update (ELSA-2021-9562) python3-tkinter-3.6.8-18.0.5.el7.i686.rpm | Linux
Python3-tkinter update (ELSA-2021-9562) python3-tkinter-3.6.8-18.0.5.el7.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux
(RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux
An interactive high-level object-oriented language (USN-5342-1) python2.7_2.7.17-1~18.04ubuntu1.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python2.7_2.7.17-1~18.04ubuntu1.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.6_3.6.9-1~18.04ubuntu1.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.6_3.6.9-1~18.04ubuntu1.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.8_3.8.10-0ubuntu1~20.04.5_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.8_3.8.10-0ubuntu1~20.04.5_amd64.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python2.7-minimal_2.7.17-1~18.04ubuntu1.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python2.7-minimal_2.7.17-1~18.04ubuntu1.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.6-minimal_3.6.9-1~18.04ubuntu1.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.5_i386.deb | Linux
An interactive high-level object-oriented language (USN-5342-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.5_amd64.deb | Linux
Python3 update (ELSA-2023-3556) python3-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3 update (ELSA-2023-3556) python3-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-debug update (ELSA-2023-3556) python3-debug-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-debug update (ELSA-2023-3556) python3-debug-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-devel update (ELSA-2023-3556) python3-devel-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-devel update (ELSA-2023-3556) python3-devel-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-idle update (ELSA-2023-3556) python3-idle-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-idle update (ELSA-2023-3556) python3-idle-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-libs update (ELSA-2023-3556) python3-libs-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-libs update (ELSA-2023-3556) python3-libs-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-test update (ELSA-2023-3556) python3-test-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-test update (ELSA-2023-3556) python3-test-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3-tkinter update (ELSA-2023-3556) python3-tkinter-3.6.8-19.0.1.el7_9.i686.rpm | Linux
Python3-tkinter update (ELSA-2023-3556) python3-tkinter-3.6.8-19.0.1.el7_9.x86_64.rpm | Linux
Python3 update (ELSA-2023-6823) python3-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3 update (ELSA-2023-6823) python3-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-debug update (ELSA-2023-6823) python3-debug-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-debug update (ELSA-2023-6823) python3-debug-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-devel update (ELSA-2023-6823) python3-devel-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-devel update (ELSA-2023-6823) python3-devel-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-idle update (ELSA-2023-6823) python3-idle-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-idle update (ELSA-2023-6823) python3-idle-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-libs update (ELSA-2023-6823) python3-libs-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-libs update (ELSA-2023-6823) python3-libs-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-test update (ELSA-2023-6823) python3-test-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-test update (ELSA-2023-6823) python3-test-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
Python3-tkinter update (ELSA-2023-6823) python3-tkinter-3.6.8-21.0.1.el7_9.i686.rpm | Linux
Python3-tkinter update (ELSA-2023-6823) python3-tkinter-3.6.8-21.0.1.el7_9.x86_64.rpm | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux

Patch Details

No records found
