CVE-2024-9486
published 2024-10-15


Priority: P2 · 61
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.22% (80.5th percentile)
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.

Affected (3 ranges)

Vendor           Product                         Version range       Fixed in
github.com       kubernetes-sigs_image-builder   >= 0, < 0.1.38      0.1.38
kubernetes-sigs  image_builder                   < 0.1.38            0.1.38
kubernetes       image_builder                   <= 0.1.37           (not listed)

Detection & IOCs (extracted from sources)

  • Look for SSH login attempts using the default 'builder' account on Kubernetes nodes built with Image Builder <= v0.1.37 using the Proxmox provider
  • Audit for the existence and enabled state of the 'builder' user account on VM nodes; an enabled 'builder' account on a production node is a strong indicator of exposure
  • Identify Kubernetes nodes running VM images built with Kubernetes Image Builder <= v0.1.37 via the Proxmox provider, as these retain default credentials post-build
  • Only VM images built with the Proxmox provider are critically affected (CVSS critical); images built with Nutanix, OVA, QEMU, or raw providers are also affected but rated medium severity (tracked as CVE-2024-9594) because exploitation requires attacker access to the image-building VM during the build process
  • Red Hat products are not affected, as the impacted component is not shipped in the Red Hat Product Portfolio

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv                     9.8    CRITICAL
vendor_redhat           9.8    CRITICAL