CVE-2021-4024 - OpenCVE

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Podman Project	Podman
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 [-]

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2C
https://github.com/containers/podman/releases/tag/v3.4.3	Release Notes Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-12-23T19:48:45

Updated: 2022-02-08T02:06:09

Reserved: 2021-11-26T00:00:00

Link: CVE-2021-4024

JSON object: View

NVD Information

Status : Modified

Published: 2021-12-23T20:15:12.210

Modified: 2023-11-07T03:40:06.607

Link: CVE-2021-4024

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "podman", "vendor": "n/a", "versions": [{"status": "affected", "version": "podman 3.4.3"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200, CWE-346", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-08T02:06:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2C"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containers/podman/releases/tag/v3.4.3"}, {"name": "FEDORA-2021-6bd024d2a7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "podman", "version": {"version_data": [{"version_value": "podman 3.4.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200, CWE-346"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675,", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675,"}, {"name": "https://github.com/containers/podman/releases/tag/v3.4.3", "refsource": "MISC", "url": "https://github.com/containers/podman/releases/tag/v3.4.3"}, {"name": "FEDORA-2021-6bd024d2a7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4024", "datePublished": "2021-12-23T19:48:45", "dateReserved": "2021-11-26T00:00:00", "dateUpdated": "2022-02-08T02:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*", "matchCriteriaId": "18FEB567-718C-45A5-98E3-1481BE15A306", "versionEndExcluding": "3.4.3", "versionStartIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM."}, {"lang": "es", "value": "Se ha encontrado un fallo en podman. La funci\u00f3n \"podman machine\" (usada para crear y administrar la m\u00e1quina virtual Podman que contiene un proceso Podman) genera un proceso \"gvproxy\" en el sistema anfitri\u00f3n. La API \"gvproxy\" es accesible en el puerto 7777 en todas las direcciones IP del host. Si ese puerto est\u00e1 abierto en el firewall del host, un atacante puede potencialmente usar la API \"gvproxy\" para reenviar puertos en el host a puertos en la VM, haciendo que los servicios privados en la VM sean accesibles a la red. Este problema tambi\u00e9n podr\u00eda ser usado para interrumpir los servicios del host reenviando todos los puertos a la VM"}], "id": "CVE-2021-4024", "lastModified": "2023-11-07T03:40:06.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-23T20:15:12.210", "references": [{"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2C"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/containers/podman/releases/tag/v3.4.3"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}