CVE-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Published: May 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3426
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.7
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.7
AV:A/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
python / python	3.8.0	3.8.8
python / python	3.7.0	3.7.10
python / python	3.6.0	3.6.13
python / python	3.10.0-alpha1	3.10.0-alpha1.x
python / python	3.10.0-alpha2	3.10.0-alpha2.x
python / python	3.10.0-alpha3	3.10.0-alpha3.x
python / python	3.10.0-alpha4	3.10.0-alpha4.x
python / python	3.10.0-alpha5	3.10.0-alpha5.x
python / python	3.10.0-alpha6	3.10.0-alpha6.x
python / python	3.9.0	3.9.3
python / python	-	2.7.18
fedoraproject / fedora	32	32.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
debian / debian_linux	9.0	9.0.x
redhat / enterprise_linux	8.0	8.0.x
oracle / zfs_storage_appliance_kit	8.8	8.8.x
oracle / communications_cloud_native_core_binding_support_function	1.10.0	1.10.0.x

Vulnerability Database

289,599

CVE-2021-3426