CVE-2024-9486

VM images built with Image Builder and Proxmox provider use default credentials

Description

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.

Remediation

Solution:

Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.

Workaround:

Prior to upgrading, this vulnerability can be mitigated by disabling the builder account on affected VMs: usermod -L builder

References

Link	Tags
https://github.com/kubernetes/kubernetes/issues/128006	vendor advisory issue tracking
https://github.com/kubernetes-sigs/image-builder/pull/1595	patch
https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ	vendor advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2024-9486?: CVE-2024-9486 has been scored as a critical severity vulnerability.
How to fix CVE-2024-9486?: To fix CVE-2024-9486: Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.
Is CVE-2024-9486 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-9486 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9486?: CVE-2024-9486 affects Kubernetes Image Builder.

Description

Remediation

Category

CWE-798 – Use of Hard-coded Credentials

References

Frequently Asked Questions