CVE-2021-20199

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20199

Aliases

GHSA-grh6-q6m2-rh72

Downstream

DEBIAN-CVE-2021-20199

RHSA-2021:1796

RHSA-2022:7954

SUSE-SU-2022:23018-1

SUSE-SU-2022:3312-1

SUSE-SU-2023:0187-1

SUSE-SU-2023:0326-1

UBUNTU-CVE-2021-20199

openSUSE-SU-2022:23018-1

openSUSE-SU-2024:11177-1

openSUSE-SU-2024:11757-1

Related

Published

2021-02-02T19:15:14Z

Modified

2025-09-24T10:32:35.624431Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

References

Affected packages

Git / github.com/containers/podman

Affected ranges

Type: GIT
Repo: https://github.com/containers/podman
Events: Introduced

2ced9094d4728dd09f60a177faa32339a8d0f721

Fixed

5b2585f5e91ca148f068cefa647c23f8b1ade622

Affected versions

v1.*

v1.8.0

v1.8.1

v1.8.1-rc1

v1.8.1-rc2

v1.8.1-rc3

v1.8.1-rc4

v1.8.2

v1.8.2-rc1

v1.9.0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.2.0-rc1

v2.2.0-rc2

v3.*

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3