Default Credentials Enabled in Kubernetes Image Builder, Affecting Proxmox Virtual Machine Images
CVE-2024-9486

9.8 CRITICAL

Key Information:

Vendor
Kubernetes
CVE Published:
15 October 2024

Badges

📈 Trended · 📈 Score: 4,550 · 👾 Exploit Exists · 📰 News Worthy

What is CVE-2024-9486?

CVE-2024-9486 is a critical vulnerability in the Kubernetes Image Builder affecting versions up to v0.1.37. The Image Builder is used to create virtual machine images for nodes that run Kubernetes clusters. The vulnerability arises because default credentials are left enabled during the image build process when the Proxmox provider is used. Nodes created from such images can be accessed by anyone who knows these default credentials, giving an attacker root access and compromising the confidentiality, integrity, and availability of the affected organization's resources.

Technical Details

The issue stems from the Kubernetes Image Builder failing to disable default credentials in virtual machine images built with the Proxmox provider. When these images are used to provision nodes in a Kubernetes environment, the default credentials remain active on the running node. Any attacker who knows the default credentials can therefore log in to the underlying system with root privileges. Because the flaw is tied to the Image Builder version used at build time, an organization remains exposed as long as it runs nodes built with any affected version, regardless of when the Image Builder itself is later upgraded.

Impact of the Vulnerability

  1. Unauthorized Access: The primary impact of CVE-2024-9486 is unauthorized access to Kubernetes nodes. An attacker who uses the enabled default credentials gains root access and can control the systems and applications running in the cluster.

  2. Data Breaches: With root access, an attacker can exfiltrate sensitive data, leading to a breach of confidentiality with severe consequences for the organization, including legal penalties, loss of customer trust, and financial loss.

  3. System Compromise and Malware Deployment: Access to a node lets an attacker compromise systems further and deploy additional malware in the environment, potentially leading to a full-scale intrusion into the organization's IT infrastructure and cascading security incidents.

News Articles

Kubernetes Image Builder Vulnerability: CVE-2024-9486 Risk

The Kubernetes Image Builder vulnerability (CVE-2024-9486) poses a critical security threat.

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Critical Kubernetes Image Builder vulnerability CVE-2024-9486 patched to prevent root access via default credentials.

Kubernetes Image Builder Flaw Let Attackers Gain Root Access to VMs

The Kubernetes Security Response Committee has disclosed two critical vulnerabilities in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability published