CVE-2021-3426 — MEDIUM (5.7)

Q: How severe is CVE-2021-3426?

CVE-2021-3426 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3426?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Debian Debian Linux, Redhat Software Collections, Redhat Enterprise Linux.

Vulnerability Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Python	Python	< 2.7.18
Fedoraproject	Fedora	32
Debian	Debian Linux	9.0
Redhat	Software Collections	-
Redhat	Enterprise Linux	8.0
Netapp	Cloud Backup	-
Netapp	Ontap Select Deploy Administration Utility	-
Netapp	Snapcenter	-
Oracle	Communications Cloud Native Core Binding Support Function	1.10.0
Oracle	Zfs Storage Appliance Kit	8.8

Related Weaknesses (CWE)

CWE-22 CWE-200

References

https://bugzilla.redhat.com/show_bug.cgi?id=1935913Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202104-04Third Party Advisory
https://security.netapp.com/advisory/ntap-20210629-0003/Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1935913Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2021-3426?

CVE-2021-3426 is a vulnerability with a CVSS score of 5.7 (MEDIUM). There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to discl...

How severe is CVE-2021-3426?

CVE-2021-3426 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3426?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Debian Debian Linux, Redhat Software Collections, Redhat Enterprise Linux.