CVE-2021-20188

7.0 HIGH

📋 TL;DR

A privilege escalation vulnerability in Podman allows non-root users inside privileged containers to access any file, including root-owned files. This affects users running Podman containers with privileged mode enabled. The vulnerability compromises container isolation but doesn't directly allow container escape.

💻 Affected Systems

Products:
  • Podman
Versions: All versions before 1.7.0
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only affects containers run with privileged mode enabled (--privileged flag).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious user inside privileged container reads/modifies sensitive files, potentially compromising containerized applications and data.

🟠 Likely Case

Accidental or malicious file access within container leading to data exposure or corruption.

🟢 If Mitigated

Limited impact if containers run with proper user restrictions and without privileged mode.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires user access inside privileged container. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1915734

Restart Required: Yes

Instructions:

1. Update Podman to version 1.7.0 or later using your package manager.
2. Restart any affected containers.
3. Verify the version with 'podman --version'.

🔧 Temporary Workarounds

Avoid privileged containers (platform: linux)

Run containers without the --privileged flag unless absolutely necessary, for example:

podman run --security-opt=no-new-privileges image:tag

Use user namespace isolation (platform: linux)

Enable user namespace mapping to isolate container users from the host:

podman run --userns=keep-id image:tag

🧯 If You Can't Patch

  • Avoid using privileged containers entirely
  • Implement strict access controls and monitoring for privileged containers

🔍 How to Verify

Check if Vulnerable:

Check Podman version and if containers run with --privileged flag.

Check Version:

podman --version

Verify Fix Applied:

Confirm Podman version is 1.7.0+ and test file access within privileged container.
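The two checks above can be scripted. The following is an added example for this page (not from the advisory or the Podman project): podman_version_fixed takes a version string such as the output of 'podman --version' and reports whether it is 1.7.0 or later, and privileged_containers lists running containers whose HostConfig.Privileged is true. The inspect template fields (.HostConfig.Privileged, .Name, .Config.Image) are assumed to match Podman's Docker-compatible inspect output; the version parser expects a three-part major.minor.patch version.

```shell
#!/bin/sh
# Added example: verify the CVE-2021-20188 fix version and audit for --privileged.
# Not part of the advisory or of Podman itself.

# Return 0 if the version string in $1 is 1.7.0 or later (the fixed release),
# 1 if it is older, 2 if no major.minor.patch version could be parsed.
# Accepts either "1.6.4" or a full line such as "podman version 1.6.4".
podman_version_fixed() {
  ver=$(printf '%s\n' "$1" | \
    sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
  [ -n "$ver" ] || return 2
  set -- $ver
  major=$1; minor=$2; patch=$3
  # Fixed in 1.7.0 and later: any major > 1, or major 1 with minor >= 7.
  if [ "$major" -gt 1 ]; then return 0; fi
  if [ "$major" -eq 1 ] && [ "$minor" -ge 7 ]; then return 0; fi
  return 1
}

# Print "<id> <name> <image>" for every running container started with --privileged.
# Assumes podman inspect exposes HostConfig.Privileged, Name and Config.Image
# (assumption: Docker-compatible inspect format).
privileged_containers() {
  command -v podman >/dev/null 2>&1 || { echo "podman not installed" >&2; return 2; }
  for id in $(podman ps -q); do
    if [ "$(podman inspect --format '{{.HostConfig.Privileged}}' "$id")" = "true" ]; then
      podman inspect --format '{{.Id}} {{.Name}} {{.Config.Image}}' "$id"
    fi
  done
}

# Only touch the live system when podman is actually present.
if command -v podman >/dev/null 2>&1; then
  if podman_version_fixed "$(podman --version)"; then
    echo "Podman is 1.7.0 or later: CVE-2021-20188 is fixed in this version"
  else
    echo "Podman predates 1.7.0: update, and review the privileged containers listed below"
  fi
  privileged_containers
fi
```

The version check is kept separate from the podman calls so it can be unit-tested with constructed strings; a non-parseable version (exit status 2) should be treated as "unknown", not as fixed.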

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns within containers
  • Privileged container creation events

Network Indicators:

  • N/A - local container vulnerability

SIEM Query:

source="podman" AND "privileged" AND (event="create" OR event="run")
