CVE-2021-3426
MEDIUMPython < 3.8.9, < 3.9.3, < 3.10.0a7 - Information Disclosure via pydoc Server
Title source: llmDescription
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
References (15)
Core 15
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202104-04
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1935913
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210629-0003/
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Scores
CVSS v3
5.7
EPSS
0.0008
EPSS Percentile
23.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-200
Status
published
Products (13)
debian/debian_linux
9.0
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
netapp/cloud_backup
netapp/ontap_select_deploy_administration_utility
netapp/snapcenter
oracle/communications_cloud_native_core_binding_support_function
1.10.0
oracle/zfs_storage_appliance_kit
8.8
python/python
3.10.0 alpha1 (6 CPE variants)
... and 3 more
Published
May 20, 2021
Tracked Since
Feb 18, 2026