Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-4024

EPSS 0.10% · P26
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-4024

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Podman 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Podman是一款用于在Linux系统上开发、管理和运行OCI容器的引擎。 podman 存在访问控制错误漏洞,podman machine 函数(用于创建和管理包含 Podman 进程的 Podman 虚拟机)在主机系统上生成一个 gvproxy 进程。gvproxy API 可在主机上所有 IP 地址的端口 7777 上访问。如果该端口在主机的防火墙上打开,攻击者可能会使用 gvproxy API 将主机上的端口转发到 VM 中的端口,从而使网络可以访问 VM 上的私有服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-podman podman 3.4.3 -

II. Public POCs for CVE-2021-4024

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-4024

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-12-23 · 22 CVEs total

CVE-2021-454627.5 HIGHOpen5Gs 输入验证错误漏洞
CVE-2021-20318Red Hat Jboss Enterprise Application Platform 7 代码问题漏洞
CVE-2020-35398Nch Software UTI Mutual fund 安全漏洞
CVE-2021-45470cve-search 安全漏洞
CVE-2021-3622hivex 资源管理错误漏洞
CVE-2021-27006Netapp StorageGRID 安全漏洞
CVE-2021-3584Foreman 操作系统命令注入漏洞
CVE-2021-27007NetApp Virtual Desktop Service 安全漏洞
CVE-2021-44543Privoxy 跨站脚本漏洞
CVE-2021-44542Privoxy 输入验证错误漏洞
CVE-2021-44541Privoxy 输入验证错误漏洞
CVE-2021-44540Privoxy 输入验证错误漏洞
CVE-2021-3621SSSD 操作系统命令注入漏洞
CVE-2021-45469Linux kernel 缓冲区错误漏洞
CVE-2021-40161Autodesk Navisworks 缓冲区错误漏洞
CVE-2021-40160Autodesk Navisworks 缓冲区错误漏洞
CVE-2021-44526Zoho ManageEngine SupportCenter Plus 授权问题漏洞
CVE-2021-44600Simple Online Mens Salon Management SystemSQL注入漏洞
CVE-2021-44599Online Enrollment Management System SQL注入漏洞
CVE-2021-45463GIMP 操作系统命令注入漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: podman
Same vendor: n/a
Same weakness: CWE-200

V. Comments for CVE-2021-4024

No comments yet

Leave a comment