A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process)…
redhat·CWE-200·Published 2021-12-23
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman in github.com/containers/podman
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
Se ha encontrado un fallo en podman. La función "podman machine" (usada para crear y administrar la máquina virtual Podman que contiene un proceso Podman) genera un proceso "gvproxy" en el sistema anfitrión. La API "gvproxy" es accesible en el puerto 7777 en todas las direcciones IP del host. Si ese puerto está abierto en el firewall del host, un atacante puede potencialmente usar la API "gvproxy" para reenviar puertos en el host a puertos en la VM, haciendo que los servicios privados en la VM sean accesibles a la red. Este problema también podría ser usado para interrumpir los servicios del host reenviando todos los puertos a la VM
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.4 | 10.0 | 4.9 | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| 3.1 | Primary | NVD | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| 3.1 | Secondary | GHSA | 6.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |