CVE-2021-20199 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The issue is fixed in Podman 3.0.0.
Group Package Affected Fixed Severity Status Ticket
AVG-1517 podman 2.2.1-2 3.0.0-1 Medium Fixed
References
https://github.com/containers/podman/issues/5138
https://github.com/containers/podman/pull/9052
https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba