SCA: security update for github.com/containers/podman/v3 (GHSA-3cf2-x423-x582)

medium Tenable Self-Hosted Container Security Plugin ID 409454

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual
machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is
accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an
attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making
private services on the VM accessible to the network. This issue could be also used to interrupt the
host's services by forwarding all ports to the VM. (CVE-2021-4024)

See Also

https://github.com/advisories/GHSA-3cf2-x423-x582

Plugin Details

Severity: Medium

ID: 409454

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.1

Percentile: 6.91

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2021-4024

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 1/6/2022

Vulnerability Publication Date: 12/23/2021

Reference Information

CVE: CVE-2021-4024