QwikSec

Security Database

CVE

CWE

Training

CVE-2021-20199

Published: Feb 2, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

Vendor	Product	Versions
n/a	podman	affected `podman 1.8.0 onwards`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1919050

x_refsource_MISC

https://github.com/containers/podman/issues/5138

x_refsource_MISC

https://github.com/rootless-containers/rootlesskit/pull/206

x_refsource_MISC

https://github.com/containers/podman/pull/9052

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.