CVE-2021-20199

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20199

Aliases

GHSA-grh6-q6m2-rh72

Related

Published

2021-02-02T19:15:14Z

Modified

2024-09-18T03:12:12.897517Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

References

Affected packages

Debian:11 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0~rc2+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0~rc2+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0~rc2+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / rootlesskit

Package

Name: rootlesskit
Purl: pkg:deb/debian/rootlesskit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rootlesskit

Package

Name: rootlesskit
Purl: pkg:deb/debian/rootlesskit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rootlesskit

Package

Name: rootlesskit
Purl: pkg:deb/debian/rootlesskit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.12.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/containers/podman

Affected ranges

Type: GIT
Repo: https://github.com/containers/podman
Events: Introduced

2ced9094d4728dd09f60a177faa32339a8d0f721

Fixed

5b2585f5e91ca148f068cefa647c23f8b1ade622

Affected versions

v1.*

v1.8.0

v1.8.1

v1.8.1-rc1

v1.8.1-rc2

v1.8.1-rc3

v1.8.1-rc4

v1.8.2

v1.8.2-rc1

v1.9.0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.2.0-rc1

v2.2.0-rc2

v3.*

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3