VDB
CVE-2021-20199
CVE-2021-20199
PUBLISHED
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.
EPSS 0.13% · 32.5th percentile
Risk Scores
EPSS Score
0.13%
32.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:24.04:LTS | libpod | 0, 4.3.1+ds1-8, 4.7.2+ds1-2 |
| Ubuntu:Pro:22.04:LTS | libpod | 0, 3.2.1+ds1-2ubuntu3, 3.4.4+ds1-1ubuntu1 |
Exploit Intelligence
Timeline
- Feb 2, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-20199 third-party-advisory
- https://github.com/containers/podman/issues/5138 third-party-advisory
- https://github.com/containers/podman/pull/9052 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20199 third-party-advisory