CVE-2021-20199 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The issue is fixed in Podman 3.0.0.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1517	podman	2.2.1-2	3.0.0-1	Medium	Fixed

References
https://github.com/containers/podman/issues/5138 https://github.com/containers/podman/pull/9052 https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba