A flaw was found in Python 3's pydoc. This flaw allows a local or adjacent attacker who discovers or can convince another local or adjacent user to start a pydoc server to access the server and then use it to disclose sensitive information belonging to the other user that they would not normally have the ability to access. The highest threat from this vulnerability is to data confidentiality.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | python3 | 2021-05-20 16:15 | ALAS2-2021-1640 |
Amazon Linux 1 | python34 | 2021-05-20 21:12 | ALAS-2021-1504 |
Amazon Linux 1 | python35 | 2021-05-06 19:11 | ALAS-2021-1498 |
Amazon Linux 1 | python36 | 2021-05-14 16:53 | ALAS-2021-1500 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.7 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 2.7 | AV:A/AC:L/Au:S/C:P/I:N/A:N |
NVD | CVSSv3 | 5.7 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |