Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-4024

Published: 23/12/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Podman Project

Vulnerability Summary

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

podman project podman

fedoraproject fedora 34

fedoraproject fedora 35

redhat enterprise linux 8.0

Vendor Advisories

Red Hat: Moderate: podman security and bug fix update
Synopsis Moderate: podman security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for podman is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Debian CVElist Bug Report Logs: libpod: CVE-2021-4024: podman machine spawns gvproxy with port binded to all IPs
Debian Bug report logs - #1000844 libpod: CVE-2021-4024: podman machine spawns gvproxy with port binded to all IPs Package: src:libpod; Maintainer for src:libpod is Debian Go Packaging Team <pkg-go-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Nov 2021 06:21: ...
Arch Linux Issues:
A security issue was found in Podman The "podman machine" function (used to create and manage Podman virtual machine containing a Podman process) spawns a "gvproxy" process on the host system The "gvproxy" API is accessible on port 7777 on all IP addresses on the host If that port is open on the host's firewall, an attacker can potentially use " ...

References

CWE-200CWE-346https://github.com/containers/podman/releases/tag/v3.4.3https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2Chttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/https://access.redhat.com/errata/RHSA-2022:7954https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-4024
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook