The Kubernetes Security Response Committee has disclosed two critical vulnerabilities in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).
The flaws, identified as CVE-2024-9486 and CVE-2024-9594, stem from the use of default credentials during the image build process.
Kubernetes Image Builder Vulnerabilities
CVE-2024-9486, rated as Critical with a CVSS score of 9.8, specifically impacts images built with the Proxmox provider.
Virtual machine images created using this provider fail to disable the default credentials, potentially allowing unauthorized access to nodes using these images. This vulnerability poses a significant risk, as attackers could exploit these credentials to gain complete control of affected VMs.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)
CVE-2024-9594, rated as Medium with a CVSS score of 6.3, affects images built with the Nutanix, OVA, QEMU, or raw providers. While these images also use default credentials during the build process, they are disabled upon completion.
However, the vulnerability window exists during the image build process, making it possible for an attacker to modify the image if they can reach the VM during construction.
Clusters running VM images built with Kubernetes Image Builder version 0.1.37 or earlier are potentially at risk. Users are urged to check their Image Builder version using the provided commands, such as make version for git clones or docker run --rm for container image releases.
To mitigate the threat, the Kubernetes Security Response Committee urges users to take the following actions:
- Upgrade to Kubernetes Image Builder v0.1.38 or later, which includes the necessary fixes.
- Rebuild any affected images using the updated Image Builder version.
- Re-deploy the fixed images to any affected VMs
To mitigate the threat, the Kubernetes Security Response Committee recommends rebuilding any affected images using Image Builder version 0.1.38 or later, which includes the necessary fixes. For CVE-2024-9486, a temporary mitigation involves disabling the “builder” account on affected VMs with the command usermod -L builder.
Nicolai Rybnikar from Rybnikar Enterprises GmbH reported the vulnerabilities, which Marcus Noble of the Image Builder project addressed. Users are advised to take immediate action to secure their Kubernetes environments and monitor for any signs of exploitation.
Organizations using Kubernetes should prioritize addressing these vulnerabilities to prevent potential unauthorized access and maintain the security of their clusters.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar