{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3426", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T16:53:17.611Z", "dateReserved": "2021-03-09T00:00:00", "datePublished": "2021-05-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-06-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7."}], "affected": [{"vendor": "n/a", "product": "python", "versions": [{"version": "python 3.8.9, python 3.9.3, python 3.10.0a7", "status": "affected"}]}], "references": [{"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"}, {"name": "FEDORA-2021-a311bf10d4", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"}, {"name": "FEDORA-2021-2ab6f060d9", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"}, {"name": "FEDORA-2021-1769a23935", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"}, {"name": "FEDORA-2021-b6b6093b3a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"}, {"name": "FEDORA-2021-067c9deff1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"}, {"name": "FEDORA-2021-0a8f3ffbc0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"}, {"name": "FEDORA-2021-a26257ccf5", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"}, {"name": "GLSA-202104-04", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202104-04"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://security.netapp.com/advisory/ntap-20210629-0003/"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200", "cweId": "CWE-200"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.611Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"}, {"name": "FEDORA-2021-a311bf10d4", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"}, {"name": "FEDORA-2021-2ab6f060d9", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"}, {"name": "FEDORA-2021-1769a23935", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"}, {"name": "FEDORA-2021-b6b6093b3a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"}, {"name": "FEDORA-2021-067c9deff1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"}, {"name": "FEDORA-2021-0a8f3ffbc0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"}, {"name": "FEDORA-2021-a26257ccf5", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"}, {"name": "GLSA-202104-04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-04"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20210629-0003/", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "24C4B7E3-D11A-49D8-90D6-22B61BC970E6", "versionEndExcluding": "2.7.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B25D15A-4F2D-4EE0-AE61-CAA5DC478383", "versionEndExcluding": "3.6.13", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEB52F35-D464-4C26-A253-1B96B2A4921A", "versionEndExcluding": "3.7.10", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F40C09A-B9FD-40D7-B0A3-89C13DAD040B", "versionEndExcluding": "3.8.8", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B19E0ABC-7E51-4870-BE02-F9D41409BE58", "versionEndExcluding": "3.9.3", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "D3A22303-914F-4EB6-9CCE-EE0D5EDB424B", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "349F5466-4F47-47FB-B600-55DB4F919E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "14EE982A-1DA9-4D34-B748-862DE731BE69", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D0B1D471-35D3-4289-8C74-63C36233C18D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "D613BB2D-D583-44CC-9C22-38CE434FDDFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "2075995B-9D49-4EFE-9743-5ACE0B6DEF62", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7."}, {"lang": "es", "value": "Se presenta un fallo en pydoc de Python versi\u00f3n 3. Un atacante local o adyacente que descubre o es capaz de convencer a otro usuario local o adyacente para que iniciar un servidor pydoc podr\u00eda acceder al servidor y usarlo para divulgar informaci\u00f3n confidencial perteneciente al otro usuario al que normalmente no podr\u00eda acceder. El mayor riesgo de este fallo es la confidencialidad de los datos. Este fallo afecta a Python versiones anteriores a 3.8.9, Python versiones anteriores a 3.9.3 y Python versiones anteriores a 3.10.0a7"}], "id": "CVE-2021-3426", "lastModified": "2023-11-07T03:38:00.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-20T13:15:07.753", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-04"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210629-0003/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank David Schw\u00f6rer (Fedora) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:4160", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8050020210811100211.d428a79b", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4160", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8050020210811100211.d428a79b", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4162", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38:3.8-8050020210811101222.e3d35cca", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4162", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38-devel:3.8-8050020210811101222.e3d35cca", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4399", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-41.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4399", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-41.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-babel-0:2.7.0-12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.11-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-cryptography-0:2.8-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-jinja2-0:2.10.3-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-lxml-0:4.4.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-pip-0:19.3.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-babel-0:2.7.0-12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.11-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-cryptography-0:2.8-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-jinja2-0:2.10.3-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-lxml-0:4.4.1-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-pip-0:19.3.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}, {"advisory": "RHSA-2021:3254", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-urllib3-0:1.25.7-7.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-24T00:00:00Z"}], "bugzilla": {"description": "python: Information disclosure via pydoc", "id": "1935913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935913"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.", "A flaw was found in Python 3's pydoc. This flaw allows a local or adjacent attacker who discovers or can convince another local or adjacent user to start a pydoc server to access the server and then use it to disclose sensitive information belonging to the other user that they would not normally have the ability to access. The highest threat from this vulnerability is to data confidentiality."], "mitigation": {"lang": "en:us", "value": "Use the console (no argument needed) or HTML file (-w argument) output to generate docs rather than the HTTP server options. Put differently, do not use the -p or -n options of pydoc."}, "name": "CVE-2021-3426", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "python27-python", "product_name": "Red Hat Software Collections"}], "public_date": "2021-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3426\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3426"], "statement": "Red Hat Quay from version 3.4 uses Python from Red Hat Enterprise Linux RPM repositories and therefore may receive an update for this issue in a future release. Earlier versions of Red Hat Quay will not receive a patch for this issue.\nPython 2.x.x as shipped in any Red Hat product is not affected. This flaw is out of support scope for python3 as shipped with Red Hat Enterprise Linux 7. For more information about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/ .", "threat_severity": "Moderate", "upstream_fix": "python 3.8.9, python 3.9.3, python 3.10.0a7"}