Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

by

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

October 17, 2024 at 02:48AM

A critical security flaw (CVE-2024-9486) in Kubernetes Image Builder could allow root access due to default credentials during image builds. Addressed in version 0.1.38, users are advised to disable affected accounts and rebuild images. Additionally, related vulnerabilities in Microsoft and Apache Solr were also disclosed and patched.

### Meeting Takeaways – October 17, 2024

#### Kubernetes Vulnerability (CVE-2024-9486)
– **Description**: A critical security flaw in Kubernetes Image Builder allows root access if default credentials are exploited.
– **CVSS Score**: 9.8 (critical severity).
– **Version Fixed**: The issue has been patched in version 0.1.38.
– **Discovery**: Acknowledgment to Nicolai Rybnikar for identifying the vulnerability.
– **Impact**: Affects Kubernetes clusters with nodes using VM images created via the Proxmox provider.
– **Temporary Mitigations**:
– Disable the builder account on affected VMs.
– Rebuild affected images with the fixed version of Image Builder and redeploy.
– **Additional Fixes**: CVE-2024-9594 (CVSS 6.3) addresses related issues with other providers (Nutanix, OVA, QEMU, raw).

#### Microsoft Vulnerabilities
– **Microsoft Dataverse** (CVE-2024-38139) – CVSS 8.7: Improper authentication allows privilege escalation.
– **Imagine Cup** (CVE-2024-38204) – CVSS 7.5: Improper access control permits privilege escalation.
– **Power Platform** (CVE-2024-38190) – CVSS 8.6: Missing authorization exposes sensitive information.

#### Apache Solr Vulnerability (CVE-2024-45216)
– **Description**: Critical flaw enabling authentication bypass through a manipulated API URL.
– **CVSS Score**: 9.8 (critical severity).
– **Affected Versions**: Solr versions from 5.3.0 to before 8.11.4 and from 9.0.0 to before 9.7.0.
– **Remediation**: Fixed in versions 8.11.4 and 9.7.0.

#### Action Items
– Review and apply patches for Kubernetes Image Builder and assess the need to rebuild affected VM images.
– Monitor and address vulnerabilities reported in Microsoft products and Apache Solr.
– Follow updates from relevant sources for emerging vulnerabilities.

#### Engagement
– For more insights and updates, consider following the related channels on Twitter and LinkedIn.

Full Article