Severe Kubernetes Image Builder Vulnerability Puts Nodes at Risk of Root Access

A critical vulnerability in Kubernetes Image Builder has been revealed, which could be exploited to gain root access in specific scenarios.

Identified as CVE-2024-9486 (CVSS score: 9.8), the flaw has been patched in version 0.1.38, with credit to Nicolai Rybnikar for discovering it. Red Hat's Joel Smith issued a warning about the issue, noting that default credentials were enabled during the image build process. Virtual machine (VM) images created with the Proxmox provider were particularly exposed, because those default credentials remained usable and allowed root access to nodes.

Only Kubernetes clusters with nodes using VM images built through the Image Builder project with the Proxmox provider are affected. To mitigate the risk, users are urged to disable the builder account on impacted VMs and update their images using the fixed version of Image Builder, followed by redeployment.

The patch implemented by the Kubernetes team removes default credentials and replaces them with a randomly generated password during the image build process, and also disables the builder account afterward.
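To check whether a node is still carrying the account the advisory tells operators to disable, the following POSIX shell script is an added example (it is not code from the article or from the Kubernetes Image Builder project). It assumes the account is named `builder`, as in the mitigation advice above, and that the node's password state lives in `/etc/shadow`; the file path is a parameter so the check can be run against a copied file, and the sample shadow lines it constructs use placeholder hashes, not real credential material.

```shell
#!/bin/sh
# Added example: audit a node for a usable "builder" account left behind by a
# pre-0.1.38 Image Builder run, and show the lock step an operator would apply.
# Assumptions: account name "builder" (from the advisory), shadow file at
# /etc/shadow unless SHADOW_FILE is set. Needs root to read the real file.

SHADOW_FILE="${SHADOW_FILE:-/etc/shadow}"

# builder_account_state FILE [USER]
# Prints one of: absent, locked, active.
# In /etc/shadow a password field starting with "!" or "*" cannot be used to
# log in; an empty field means no password is required at all, so it is
# reported as "active" too.
builder_account_state() {
    file="$1"
    user="${2:-builder}"
    line=$(grep "^${user}:" "$file" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo absent
        return 0
    fi
    hash=$(printf '%s\n' "$line" | cut -d: -f2)
    case "$hash" in
        "!"*|"*"*) echo locked ;;
        *)         echo active ;;
    esac
}

# lock_builder_account [USER]
# Remediation step from the advisory: make the password unusable and expire
# the account (1 = 2 Jan 1970). Requires root; defined here, not run by default.
lock_builder_account() {
    user="${1:-builder}"
    usermod -L "$user" && usermod --expiredate 1 "$user"
}

# make_sample SHADOW_LINE
# Builds a small constructed shadow file (root locked, plus the given line)
# in a temp file and prints its path. Used only for offline demonstration.
make_sample() {
    tmp=$(mktemp)
    printf 'root:!:19000:0:99999:7:::\n' > "$tmp"
    printf '%s\n' "$1" >> "$tmp"
    echo "$tmp"
}

# Live audit when the real shadow file is readable (i.e. running as root).
if [ -r "$SHADOW_FILE" ]; then
    state=$(builder_account_state "$SHADOW_FILE")
    echo "builder account on this node: $state"
    [ "$state" = active ] && echo "action: lock the account, then rebuild the image with Image Builder >= 0.1.38"
else
    echo "cannot read $SHADOW_FILE (run as root, or set SHADOW_FILE to a copy)"
fi
```

Locking the account on a running node closes the immediate login path, but the image itself still contains the credential; the durable fix is to rebuild with version 0.1.38 or later, which generates a random password and disables the account, and then redeploy the nodes.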

Additionally, version 0.1.38 addresses another vulnerability (CVE-2024-9594, CVSS score: 6.3) related to default credentials in images built using the Nutanix, OVA, QEMU, or raw providers. This issue was less severe since an attacker would need access to the VM during the image build to exploit it.

This development coincides with Microsoft releasing patches for three Critical-rated vulnerabilities in its Dataverse, Imagine Cup, and Power Platform services, which could lead to privilege escalation and information disclosure. Moreover, a critical Apache Solr vulnerability (CVE-2024-45216, CVSS score: 9.8) was disclosed, which could allow authentication bypass on vulnerable instances through URL manipulation.
