Critical default credential bug in Kubernetes Image Builder allows SSH root access

October 16, 2024 at 06:02PM A critical bug in Kubernetes Image Builder (CVE-2024-9486) allows unauthorized SSH access to VMs due to default credentials. It poses the highest risk to Proxmox provider images, earning a CVSS of 9.8. Users should upgrade to Image Builder v0.1.38 or later to mitigate this vulnerability.

Critical Kubernetes Image Builder flaw gives SSH root access to VMs

October 16, 2024 at 12:59PM A critical Kubernetes vulnerability, CVE-2024-9486, permits unauthorized SSH access to VM images built with the Image Builder project (version 0.1.37 or earlier) due to default credentials. Users are advised to upgrade to version 0.1.38 or temporarily disable the builder account. Similar issues exist for other providers, tracked as CVE-2024-9594.