CVE-2024-9594
Published: 2024-10-15
Priority: P3 · 51 · high · CVSS 3.1: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.64% (73.4th percentile)
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kubernetes-sigs_image-builder | >= 0 < 0.1.38 | 0.1.38 |
| kubernetes-sigs | image_builder | < 0.1.38 | 0.1.38 |
| kubernetes | image_builder | <= 0.1.37 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.1 | HIGH | — |
| vendor_redhat | — | 6.3 | MEDIUM | — |
Red Hat
kubernetes-image-builder: VM images built with Image Builder with some providers use default credentials during builds
vendor_redhat · 2024-10-15 · CVSS 6.3 (MEDIUM) · CWE-798
OSV
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
osv · 2024-10-17
OSV
CVE-2024-9594: A security issue was discovered in the Kubernetes Image Builder versions <= v0
osv · 2024-10-15 · CVSS 8.1 (HIGH)
OSV
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
osv · 2024-10-15 · MEDIUM
GHSA
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
ghsa · 2024-10-15 · MEDIUM · CWE-798
No detection rules found.
No public exploits indexed.
Wiz
Crying Out Cloud - November 2024 Newsletter | Wiz
blogs_wiz · 2024-11-01 · CVSS 7.2 (HIGH)
Welcome back! This month we’ve seen a lot of action, with both vulnerabilities and security incidents that have left users affected. We bring you the latest cloud security highlights, to help you stay informed and stay secure. Let's dive in.
Here are our top picks!
## 🔍 Highlights
Supply Chain Attack on lottie-player
On October 30, 2024, a supply chain attack was initiated against the popular JavaScript library lottie-player, injecting malicious code that populates a Web3 wallet connection prompt on legitimate websites using the library, potentially targeting prominent cryptocurrency platforms and other high-traffic websites. The compromised versions of lottie-player were later removed from major CDNs and npm, but websites still using compromised versions of the library remain affected.
Bleepingcomputer
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
blogs_bleepingcomputer · 2024-10-16 · CVSS 9.8 (CRITICAL) · CVE-2024-9486
By Bill Toulas
According to a security advisory on the Kubernetes community forums, the critical vulnerability affects VM images built with the Proxmox provider on Image Builder version 0.1.37 or earlier.
The issue is currently tracked as CVE-2024-9486 and consists of the use of default credentials that are enabled during the image-building process and not disabled afterward.
A threat actor knowing this could connect over an SSH connection and use these credentials to gain access with root privileges to vulnerable VMs.
The solution is to rebuild affected VM images using Kubernetes Image Builder version v0.1.38 or later, which sets a randomly generated password during the build process, and also disables the default “builder”
Published: 2024-10-15