CVE-2021-20199
N/A
N/A
Summary
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | podman | podman 1.8.0 onwards | affected |
Weaknesses
- CWE-346: CWE-346
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1919050
- https://github.com/containers/podman/issues/5138
- https://github.com/rootless-containers/rootlesskit/pull/206
- https://github.com/containers/podman/pull/9052
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1919050
- https://github.com/containers/podman/issues/5138
- https://github.com/rootless-containers/rootlesskit/pull/206
- https://github.com/containers/podman/pull/9052
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.