Vulnerability CVE-2021-20199

Vulnerability Name:

CVE-2021-20199 (CCN-196056)

Assigned:

2020-12-17

Published:

2021-01-01

Updated:

2021-02-26

Summary:

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-346

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20199

Source: CCN
Type: Red Hat Bugzilla - Bug 1919050
(CVE-2021-20199) - CVE-2021-20199 podman: Remote traffic to rootless containers is seen as orginating from localhost

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1919050

Source: XF
Type: UNKNOWN
containers-cve202120199-sec-bypass(196056)

Source: CCN
Type: podman GIT Repository
Source IP always 127.0.0.1 in rootless Podman 1.8.0 #5138

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/containers/podman/issues/5138

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/containers/podman/pull/9052

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/rootless-containers/rootlesskit/pull/206

Vulnerable Configuration:

Configuration 1:

cpe:/a:podman_project:podman:*:*:*:*:*:*:*:* (Version >= 1.8.0 and < 3.0.0)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7584	P	libcontainers-common-20230214-150500.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7862	P	podman-4.4.4-150500.1.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51990	P	Security update for podman (Important)	2023-01-27
oval:com.redhat.rhsa:def:20227954	P	RHSA-2022:7954: podman security and bug fix update (Moderate)	2022-11-15
oval:org.opensuse.security:def:118972	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:119826	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:119277	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:119728	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:118782	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:119739	P	Security update for libcontainers-common (Moderate) (in QA)	2022-08-31
oval:org.opensuse.security:def:3000	P	MozillaFirefox-68.1.0-109.92.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3247	P	libraptor2-0-2.0.10-3.63 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94630	P	libcontainers-common-20210626-150400.1.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94877	P	podman-3.4.4-150400.2.14 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:98958	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-03-04
oval:org.opensuse.security:def:994	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-02-25
oval:org.opensuse.security:def:101615	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-02-25
oval:org.opensuse.security:def:101684	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-02-25
oval:org.opensuse.security:def:923	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-02-25
oval:org.opensuse.security:def:42308	P	Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)	2022-02-25
oval:org.opensuse.security:def:113150	P	podman-3.3.1-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106578	P	podman-3.3.1-2.1 on GA media (Moderate)	2021-10-01
oval:com.redhat.rhsa:def:20211796	P	RHSA-2021:1796: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)	2021-05-18

BACK