Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-4024

Опубликовано: 23 дек. 2021
Источник: debian

Описание

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libpodfixed3.4.3+ds1-1package
libpodnot-affectedbullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2026675

  • https://twitter.com/discordianfish/status/1463462371675066371

  • https://github.com/containers/podman/pull/12283

  • Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)

  • Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main)

  • Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3)

Связанные уязвимости

ubuntu логотип

CVE-2021-4024

CVSS3: 6.5
ubuntu
около 4 лет назад

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

redhat логотип

CVE-2021-4024

CVSS3: 4.8
redhat
около 4 лет назад

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

nvd логотип

CVE-2021-4024

CVSS3: 6.5
nvd
около 4 лет назад

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

github логотип

GHSA-3cf2-x423-x582

CVSS3: 6.5
github
около 4 лет назад

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman

fstec логотип

BDU:2023-03676

CVSS3: 6.5
fstec
около 4 лет назад

Уязвимость инструмента управления виртуализацией podman-machine программного средства управления и запуска OCI-контейнеров Podman, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации