N/A

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

N/A

信息暴露

Podman 访问控制错误漏洞

Podman是一款用于在Linux系统上开发、管理和运行OCI容器的引擎。 podman 存在访问控制错误漏洞，podman machine 函数（用于创建和管理包含 Podman 进程的 Podman 虚拟机）在主机系统上生成一个 gvproxy 进程。gvproxy API 可在主机上所有 IP 地址的端口 7777 上访问。如果该端口在主机的防火墙上打开，攻击者可能会使用 gvproxy API 将主机上的端口转发到 VM 中的端口，从而使网络可以访问 VM 上的私有服务。

N/A

N/A