Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

October 17, 2024 at 02:48AM
A critical security flaw (CVE-2024-9486) in Kubernetes Image Builder could allow root access due to default credentials during image builds. The flaw is addressed in version 0.1.38; users are advised to disable affected accounts and rebuild images. Related vulnerabilities in Microsoft and Apache Solr were also disclosed and patched.

Critical default credential bug in Kubernetes Image Builder allows SSH root access

October 16, 2024 at 06:02PM
A critical bug in Kubernetes Image Builder (CVE-2024-9486) allows unauthorized SSH access to VMs due to default credentials. It poses the highest risk to Proxmox provider images, earning a CVSS score of 9.8. Users should upgrade to Image Builder v0.1.38 or later to mitigate this vulnerability.

Critical Kubernetes Image Builder flaw gives SSH root access to VMs

October 16, 2024 at 12:59PM
A critical Kubernetes vulnerability, CVE-2024-9486, permits unauthorized SSH access to VM images built with the Image Builder project (version 0.1.37 or earlier) due to default credentials. Users are advised to upgrade to version 0.1.38 or temporarily disable the builder account. Similar issues exist for other providers, tracked as CVE-2024-9594.