Versio.io

CVE-2021-4024

Common vulnerabilities & exposures (CVE)

 
Published at: 23-12-2021 09:15
Last modified: 01-03-2022 09:03
Total changes: 5

Description

A flaw was found in Podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack complexity: Low
Attack vector: Network
Availability: Low
Confidentiality: Low
Integrity: None
Privileges required: None
Scope: Unchanged
User interaction: None

Base score: 6.5
Exploitability score: 3.9
Impact score: 2.5
 

Verification logic

OR
    OR
        vendor=podman_project AND product=podman AND versionStartIncluding=3.3.0 AND versionEndExcluding=3.4.3
    OR
        vendor=fedoraproject AND product=fedora AND version=34
        vendor=fedoraproject AND product=fedora AND version=35
    OR
        vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8.0
 

Reference

 


Keywords

NVD, CVE-2021-4024, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
