Vulnerability-Lookup

CVE-2021-20199 (GCVE-0-2021-20199)

Vulnerability from cvelistv5 – Published: 2021-02-02 18:12 – Updated: 2024-08-03 17:30

Summary

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

Severity ?

No CVSS data available.

CWE

CWE-346

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	podman	Affected: podman 1.8.0 onwards

GHSA-GRH6-Q6M2-RH72

Vulnerability from github – Published: 2021-05-18 21:07 – Updated: 2023-09-18 19:30

Summary

Podman Origin Validation Error

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-20199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-346"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T21:02:35Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman versions from 1.8.0 to 3.0.0.",
  "id": "GHSA-grh6-q6m2-rh72",
  "modified": "2023-09-18T19:30:49Z",
  "published": "2021-05-18T21:07:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/issues/5138"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/9052"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/9225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rootless-containers/rootlesskit/pull/206"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/releases/tag/v3.0.0-rc3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Podman Origin Validation Error"
}

GSD-2021-20199

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-20199

Aliases

CVE-2021-20199

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20199",
    "description": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.",
    "id": "GSD-2021-20199",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-20199.html",
      "https://access.redhat.com/errata/RHSA-2021:1796",
      "https://security.archlinux.org/CVE-2021-20199",
      "https://linux.oracle.com/cve/CVE-2021-20199.html",
      "https://access.redhat.com/errata/RHSA-2022:7954"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20199"
      ],
      "details": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.",
      "id": "GSD-2021-20199",
      "modified": "2023-12-13T01:23:12.125308Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-20199",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "podman",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "podman 1.8.0 onwards"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-346"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
          },
          {
            "name": "https://github.com/containers/podman/issues/5138",
            "refsource": "MISC",
            "url": "https://github.com/containers/podman/issues/5138"
          },
          {
            "name": "https://github.com/rootless-containers/rootlesskit/pull/206",
            "refsource": "MISC",
            "url": "https://github.com/rootless-containers/rootlesskit/pull/206"
          },
          {
            "name": "https://github.com/containers/podman/pull/9052",
            "refsource": "MISC",
            "url": "https://github.com/containers/podman/pull/9052"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=v1.8.0 \u003cv3.0.0",
          "affected_versions": "All versions starting from 1.8.0 before 3.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-346",
            "CWE-937"
          ],
          "date": "2021-02-26",
          "description": "Rootless containers run with Podman, receive all traffic with a source IP address of (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman onwards.",
          "fixed_versions": [],
          "identifier": "CVE-2021-20199",
          "identifiers": [
            "CVE-2021-20199"
          ],
          "not_impacted": "",
          "package_slug": "go/github.com/containers/podman",
          "pubdate": "2021-02-02",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Origin Validation Error",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-20199",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
          ],
          "uuid": "64a92da6-9033-4452-9291-a6f7f1223e5d",
          "versions": [
            {
              "commit": {
                "sha": "d3d457775abaee119b74a8658f9c396c811e19d2",
                "tags": [
                  "v1.8.0"
                ],
                "timestamp": "20200206222256"
              },
              "number": "v1.8.0"
            },
            {
              "commit": {
                "sha": "1cbe815ee74e835f72ee7c63857126b5aedbee39",
                "tags": [
                  "v3.0.0-rc1"
                ],
                "timestamp": "20210118115538"
              },
              "number": "v3.0.0"
            }
          ]
        },
        {
          "affected_range": "\u003c3.0.0",
          "affected_versions": "All versions before 3.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-346",
            "CWE-937"
          ],
          "date": "2021-05-18",
          "description": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.",
          "fixed_versions": [
            "3.0.0"
          ],
          "identifier": "CVE-2021-20199",
          "identifiers": [
            "GHSA-grh6-q6m2-rh72",
            "CVE-2021-20199"
          ],
          "not_impacted": "All versions starting from 3.0.0",
          "package_slug": "go/github.com/containers/podman/v3",
          "pubdate": "2021-05-18",
          "solution": "Upgrade to version 3.0.0 or above.",
          "title": "Origin Validation Error",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-20199",
            "https://github.com/containers/podman/issues/5138",
            "https://github.com/containers/podman/pull/9052",
            "https://github.com/containers/podman/pull/9225",
            "https://github.com/rootless-containers/rootlesskit/pull/206",
            "https://github.com/containers/podman/releases/tag/v3.0.0-rc3",
            "https://github.com/advisories/GHSA-grh6-q6m2-rh72"
          ],
          "uuid": "e8a01af4-21b7-436f-81af-a8076bbeae91"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.0",
                "versionStartIncluding": "1.8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20199"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-346"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rootless-containers/rootlesskit/pull/206",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rootless-containers/rootlesskit/pull/206"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
            },
            {
              "name": "https://github.com/containers/podman/issues/5138",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/containers/podman/issues/5138"
            },
            {
              "name": "https://github.com/containers/podman/pull/9052",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/containers/podman/pull/9052"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-02-26T03:32Z",
      "publishedDate": "2021-02-02T19:15Z"
    }
  }
}

CVE-2021-20199

Vulnerability from osv_almalinux

Published

2022-11-15 00:00

Modified

2022-11-18 05:46

Summary

Moderate: podman security and bug fix update

Details

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)
podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)
containers/storage: DoS via malicious image (CVE-2021-20291)
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-docker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-gvproxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-remote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "podman-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.2.0-3.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)\n* podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:7954",
  "modified": "2022-11-18T05:46:54Z",
  "published": "2022-11-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:7954"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-28851"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-28852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-20199"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-20291"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-33197"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-34558"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-4024"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-27191"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1913333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1913338"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1919050"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1939485"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1983596"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1989570"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2026675"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2064702"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2022-7954.html"
    }
  ],
  "related": [
    "CVE-2020-28851",
    "CVE-2020-28852",
    "CVE-2021-4024",
    "CVE-2021-20199",
    "CVE-2021-20291",
    "CVE-2021-33197",
    "CVE-2021-34558",
    "CVE-2022-27191"
  ],
  "summary": "Moderate: podman security and bug fix update"
}

CVE-2021-20199

Vulnerability from osv_almalinux

Published

2021-05-18 06:06

Modified

2021-05-18 06:06

Summary

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

Details

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "cockpit-podman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "29-2.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "conmon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:2.0.26-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "containernetworking-plugins"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "crit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "criu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "fuse-overlayfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0-2.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.1-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libslirp-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.1-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-criu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "slirp4netns"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.8-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "udica"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.4-1.module_el8.6.0+2876+9ed4eae2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2021:1796",
  "modified": "2021-05-18T06:06:07Z",
  "published": "2021-05-18T06:06:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-29652"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-20199"
    }
  ],
  "related": [
    "CVE-2020-29652",
    "CVE-2021-20199"
  ],
  "summary": "Moderate: container-tools:rhel8 security, bug fix, and enhancement update"
}

FKIE_CVE-2021-20199

Vulnerability from fkie_nvd - Published: 2021-02-02 19:15 - Updated: 2024-11-21 05:46

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1919050	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/containers/podman/issues/5138	Exploit, Third Party Advisory
secalert@redhat.com	https://github.com/containers/podman/pull/9052	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rootless-containers/rootlesskit/pull/206	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1919050	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/containers/podman/issues/5138	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/containers/podman/pull/9052	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rootless-containers/rootlesskit/pull/206	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	podman_project	podman	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3720247B-439B-4853-9312-87AFBB4B763D",
              "versionEndExcluding": "3.0.0",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards."
    },
    {
      "lang": "es",
      "value": "Los contenedores Rootless se ejecutan con Podman, reciben todo el tr\u00e1fico con una direcci\u00f3n IP de origen 127.0.0.1 (incluyendo desde hosts remotos).\u0026#xa0;Esto afecta a las aplicaciones en contenedores que conf\u00edan en las conexiones localhost (127.0.01) por defecto y no requieren autenticaci\u00f3n.\u0026#xa0;Este problema afecta a Podman versi\u00f3n 1.8.0 en adelante"
    }
  ],
  "id": "CVE-2021-20199",
  "lastModified": "2024-11-21T05:46:07.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-02T19:15:14.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/containers/podman/issues/5138"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/containers/podman/pull/9052"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rootless-containers/rootlesskit/pull/206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/containers/podman/issues/5138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/containers/podman/pull/9052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rootless-containers/rootlesskit/pull/206"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20199 (GCVE-0-2021-20199)

GHSA-GRH6-Q6M2-RH72

GSD-2021-20199

CVE-2021-20199

Vulnerability from osv_almalinux

CVE-2021-20199

Vulnerability from osv_almalinux

FKIE_CVE-2021-20199

Tags

Sightings

Nomenclature