CVE-2021-4024 - log back

CVE-2021-4024 edited at 09 Dec 2021 21:48:30
Description
- A security issue was found in Podman. The "podman machine" function (used to create and manage Podman virtual machine containing a Podman process) spawns a "gvproxy" process on the host system. The "gvproxy" API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use "gvproxy" API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
+ A security issue was found in Podman before version 3.4.3. The "podman machine" function (used to create and manage Podman virtual machine containing a Podman process) spawns a "gvproxy" process on the host system. The "gvproxy" API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use "gvproxy" API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
References
https://bugzilla.redhat.com/show_bug.cgi?id=2026675
https://twitter.com/discordianfish/status/1463462371675066371
+ https://github.com/containers/podman/pull/12283
+ https://github.com/containers/podman/pull/12497
+ https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a
CVE-2021-4024 edited at 27 Nov 2021 13:03:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in Podman. The "podman machine" function (used to create and manage Podman virtual machine containing a Podman process) spawns a "gvproxy" process on the host system. The "gvproxy" API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use "gvproxy" API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2026675
+ https://twitter.com/discordianfish/status/1463462371675066371
Notes
CVE-2021-4024 created at 27 Nov 2021 13:01:33