Vulnerability details: VCID-314j-bs3k-aaae
Vulnerability ID VCID-314j-bs3k-aaae
Aliases CVE-2021-4024
GHSA-3cf2-x423-x582
Summary A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4024.json
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
epss 0.00149 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2021-4024
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2026675
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2026675,
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2026675,
cvssv3.1 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.6 https://github.com/containers/podman
generic_textual HIGH https://github.com/containers/podman
cvssv3.1 6.5 https://github.com/containers/podman/releases/tag/v3.4.3
generic_textual MODERATE https://github.com/containers/podman/releases/tag/v3.4.3
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-4024
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4024
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4024
archlinux Medium https://security.archlinux.org/AVG-2591
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4024.json
https://api.first.org/data/v1/epss?cve=CVE-2021-4024
https://bugzilla.redhat.com/show_bug.cgi?id=2026675,
https://bugzilla.redhat.com/show_bug.cgi?id=2026675%2C
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/containers/podman
https://github.com/containers/podman/releases/tag/v3.4.3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/
1000844 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000844
2026675 https://bugzilla.redhat.com/show_bug.cgi?id=2026675
AVG-2591 https://security.archlinux.org/AVG-2591
cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2021-4024 https://nvd.nist.gov/vuln/detail/CVE-2021-4024
GLSA-202407-12 https://security.gentoo.org/glsa/202407-12
RHSA-2022:7954 https://access.redhat.com/errata/RHSA-2022:7954
RHSA-2024:10289 https://access.redhat.com/errata/RHSA-2024:10289
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4024.json

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2026675,

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/containers/podman

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/containers/podman/releases/tag/v3.4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4024

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4024

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4024

Exploit Prediction Scoring System (EPSS)
Percentile 0.23129
EPSS Score 0.00091
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.