Information Exposure Affecting github.com/containers/podman/v3/pkg/machine Open this link in a new tab package, versions <3.4.3
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
28 Nov 2021
24 Nov 2021
How to fix?
github.com/containers/podman/v3/pkg/machine to version 3.4.3 or higher.
github.com/containers/podman/v3/pkg/machine is an is a package for creating podman-machines.
Affected versions of this package are vulnerable to Information Exposure via the
podman machine function which spawns
gvproxy with port 7777 bound to all IPs on the host. If the same port is open on the host's firewall, it's possible to make private services on the VM (
podman machine creates VMs running
podman process) accessible to the network, as well as forward all ports of the host to the VM.