1. Home
  2. Vulnerabilities
  3. CVE-2021-4024

CVE-2021-4024

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 6.4 (Medium)
64% Progress
EPSS 0.15 % (52th)
0.15% Progress
Affected Products 3
Advisories 9
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in podman. The podman machine function (used to create and manage Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the gvproxy API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-346
Origin Validation Error
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2021-12-23 20:15:12
(2 years ago)
Updated Date
2023-11-07 03:40:06
(10 months ago)

Affected Products

Fedoraproject

Podman Project

Redhat

Configuration #1

    CPE23 From Up To
  Podman Project Podman from 3.3.0 version and prior 3.4.3 version cpe:2.3:a:podman_project:podman >= 3.3.0 < 3.4.3

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35

Configuration #3

    CPE23 From Up To
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0