---

CVE-2021-20199 - log back

CVE-2021-20199 edited at 11 Feb 2021 23:20:49
References	- https://bugzilla.redhat.com/show_bug.cgi?id=1919050 https://github.com/containers/podman/issues/5138 https://github.com/containers/podman/pull/9052 https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba

CVE-2021-20199 edited at 11 Feb 2021 23:20:14
Description	- Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. + Rootless containers run with Podman from version 1.8.0 up to 2.2.1 receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The issue is fixed in Podman 3.0.0.
References	https://bugzilla.redhat.com/show_bug.cgi?id=1919050 https://github.com/containers/podman/issues/5138 https://github.com/containers/podman/pull/9052 - https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1 + https://github.com/containers/podman/commit/5172cfe6a5ab407e1cf90a6155e575c16114adba

CVE-2021-20199 edited at 02 Feb 2021 20:38:56
References	- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20199 + https://bugzilla.redhat.com/show_bug.cgi?id=1919050 https://github.com/containers/podman/issues/5138 https://github.com/containers/podman/pull/9052 https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1

CVE-2021-20199 edited at 01 Feb 2021 09:04:48
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Insufficient validation
Description	+ Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20199 + https://github.com/containers/podman/issues/5138 + https://github.com/containers/podman/pull/9052 + https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1
Notes

CVE-2021-20199 created at 01 Feb 2021 09:00:13