CVE-2021-3426

Updated: 2023-11-07 19:27:46.173761

Description:

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x LOW 2.7
CVSS Version 3.x MEDIUM 5.7

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS python 2.6.6 5.7 MEDIUM Not Vulnerable 2022-03-01 11:49:16
CentOS 7 ELS python3 3.6.8 5.7 MEDIUM Ignored 2023-09-19 09:30:17
CentOS 7 ELS python 2.7.5 5.7 MEDIUM Ignored 2023-09-19 09:30:17
CentOS 8.4 ELS python3 3.6.8 5.7 MEDIUM Released CLSA-2022:1653920195 2022-05-30 11:38:34
CentOS 8.4 ELS python2 2.7.18 5.7 MEDIUM Not Vulnerable 2022-08-01 05:05:18
CentOS 8.5 ELS python2 2.7.18 5.7 MEDIUM Not Vulnerable 2022-08-01 05:05:18
CentOS 8.5 ELS python3 3.6.8 5.7 MEDIUM Already Fixed 2022-08-02 04:40:33
CloudLinux 6 ELS python 2.6.6 5.7 MEDIUM Not Vulnerable 2022-03-01 11:49:16
Oracle Linux 6 ELS python 2.6.6 5.7 MEDIUM Not Vulnerable 2022-03-01 11:49:16
Ubuntu 16.04 ELS python3.5 3.5.2 5.7 MEDIUM Released CLSA-2021:1638804072 2022-02-07 12:01:38
Total: 13