CVE-2021-20199 - log

CVE-2021-20199 edited at 11 Feb 2021 23:20:49
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1919050
https://github.com/containers/podman/issues/5138
https://github.com/containers/podman/pull/9052
https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba
CVE-2021-20199 edited at 11 Feb 2021 23:20:14
Description
- Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication.
+ Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The issue is fixed in Podman 3.0.0.
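Review bot: the reworded description on the + line still carries the malformed address "127.0.01" in the parenthetical after "trust localhost"; it should read 127.0.0.1, matching the source address given in the first sentence. The version range and fixed release added here are otherwise clear.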
References
https://bugzilla.redhat.com/show_bug.cgi?id=1919050
https://github.com/containers/podman/issues/5138
https://github.com/containers/podman/pull/9052
- https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1
+ https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba
CVE-2021-20199 edited at 02 Feb 2021 20:38:56
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20199
+ https://bugzilla.redhat.com/show_bug.cgi?id=1919050
https://github.com/containers/podman/issues/5138
https://github.com/containers/podman/pull/9052
https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1
CVE-2021-20199 edited at 01 Feb 2021 09:04:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20199
+ https://github.com/containers/podman/issues/5138
+ https://github.com/containers/podman/pull/9052
+ https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1
Notes
CVE-2021-20199 created at 01 Feb 2021 09:00:13