CVE-2021-20199
MEDIUMPodman 1.8.0-3.0.0 - Origin Validation Error in Rootless Containers
Title source: llmDescription
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1919050
Exploit, Third Party Advisory x_refsource_misc
https://github.com/containers/podman/issues/5138
Patch, Third Party Advisory x_refsource_misc
https://github.com/rootless-containers/rootlesskit/pull/206
Patch, Third Party Advisory x_refsource_misc
https://github.com/containers/podman/pull/9052
Scores
CVSS v3
5.9
EPSS
0.0111
EPSS Percentile
61.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-346
Status
published
Products (2)
containers/podman
0 - 3.0.0Go
podman_project/podman
1.8.0 - 3.0.0
Published
Feb 02, 2021
Tracked Since
Feb 18, 2026