CVE-2021-4024
podman: podman machine spawns gvproxy with port bound to all IPs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
Se ha encontrado un fallo en podman. La función "podman machine" (usada para crear y administrar la máquina virtual Podman que contiene un proceso Podman) genera un proceso "gvproxy" en el sistema anfitrión. La API "gvproxy" es accesible en el puerto 7777 en todas las direcciones IP del host. Si ese puerto está abierto en el firewall del host, un atacante puede potencialmente usar la API "gvproxy" para reenviar puertos en el host a puertos en la VM, haciendo que los servicios privados en la VM sean accesibles a la red. Este problema también podría ser usado para interrumpir los servicios del host reenviando todos los puertos a la VM
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-26 CVE Reserved
- 2021-12-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-346: Origin Validation Error
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2C | X_refsource_misc | |
https://github.com/containers/podman/releases/tag/v3.4.3 | Release Notes |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Podman Project Search vendor "Podman Project" | Podman Search vendor "Podman Project" for product "Podman" | >= 3.3.0 < 3.4.3 Search vendor "Podman Project" for product "Podman" and version " >= 3.3.0 < 3.4.3" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|