Rootless containers run with Podman, in versions from 1.8.0 onward, receive all traffic with a source IP of 127.0.0.1 (including from remote hosts). This can impact containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication.
Configure containerized applications to require authentication for connections from all sources, including localhost.
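An added example (not part of the original bug report or of Podman's code) that contrasts an access check that skips authentication for loopback peers with one that authenticates every connection, as the mitigation above recommends. The function names, token value and connection records are constructed for illustration.

```python
import hmac
import ipaddress

# Constructed token for this example; a real service loads it from a secret store.
EXPECTED_TOKEN = "example-token-not-a-real-secret"

def token_ok(token):
    """Constant-time comparison of the presented token with the expected one."""
    if token is None:
        return False
    return hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())

def authorize_trusting_localhost(peer_ip, token):
    """Pattern at risk: connections from a loopback address skip authentication."""
    if ipaddress.ip_address(peer_ip).is_loopback:
        return True
    return token_ok(token)

def authorize_all_sources(peer_ip, token):
    """Mitigation: the peer address grants nothing; every connection needs a token."""
    return token_ok(token)

# Constructed connections as seen by an application inside an affected rootless
# container: every peer address is 127.0.0.1, whatever the true origin.
# Fields: (true origin, peer address seen by the application, presented token)
CONNECTIONS = [
    ("local client, no token", "127.0.0.1", None),
    ("remote host, no token", "127.0.0.1", None),
    ("remote host, valid token", "127.0.0.1", EXPECTED_TOKEN),
    ("remote host, wrong token", "127.0.0.1", "guess"),
]

def compare():
    """Return (origin, allowed by loopback-trusting check, allowed by strict check)."""
    return [
        (origin,
         authorize_trusting_localhost(ip, tok),
         authorize_all_sources(ip, tok))
        for origin, ip, tok in CONNECTIONS
    ]

if __name__ == "__main__":
    for origin, trusting, strict in compare():
        print(f"{origin:26} trusting-localhost={trusting!s:5} all-sources={strict}")
```

Because the application cannot tell the first two records apart by address, only the check that ignores the peer address rejects the unauthenticated remote connection.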
Created podman tracking bugs for this issue:
Affects: fedora-all [bug 1922865]
This issue does not affect Podman prior to version 1.8.0. Podman as shipped in the following products is therefore not affected:
* Red Hat Enterprise Linux 7 Extras
* Red Hat Enterprise Linux 8 Container Tools stream 1.0
* Red Hat Enterprise Linux 8 Container Tools stream 2.0
* OpenShift Container Platform 3.11
* OpenShift Container Platform 4.1 to 4.5
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1796 https://access.redhat.com/errata/RHSA-2021:1796