Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1919050 | Issue Tracking Third Party Advisory |
https://github.com/containers/podman/issues/5138 | Exploit Third Party Advisory |
https://github.com/containers/podman/pull/9052 | Patch Third Party Advisory |
https://github.com/rootless-containers/rootlesskit/pull/206 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-02-02 19:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-20199
Mitre link : CVE-2021-20199
CVE.ORG link : CVE-2021-20199
JSON object : View
Products Affected
podman_project
- podman
CWE
CWE-346
Origin Validation Error