Tech News
Hard-Coded Credentials Vulnerability In Kubernetes Image Builder
A critical vulnerability has been addressed with the latest release of Kubernetes Image Builder. This vulnerability was related to hard-coded credentials that could potentially allow unauthorized access to malicious actors.
Kubernetes Image Builder Vulnerability
According to the latest advisory, two security issues have been patched in the latest Kubernetes Image Builder release.
One of these issues, identified as CVE-2024-9486, was caused by hard-coded credentials that were active during the image-building process. These credentials could be exploited to gain root access to nodes using the images, particularly when built with the Proxmox provider.
This vulnerability affected Kubernetes Image Builder versions v0.1.37 and earlier when built with the Proxmox provider. More details about this vulnerability can be found on GitHub.
To address the vulnerability, Kubernetes recommends rebuilding images using the patched Image Builder versions and deploying them to the virtual machines.
This critical vulnerability received a CVSS score of 9.8 and was initially discovered by security researcher Nicolai Rybnikar from Rybnikar Enterprises GmbH. The issue was promptly addressed by the project team, and a fix was released with Kubernetes Image Builder v0.1.38. Marcus Noble from the Image Builder project was acknowledged for patching the issue.
Furthermore, the same Image Builder release also fixed another security flaw, identified as CVE-2024-9594. This medium-severity vulnerability (CVSS 6.3) is similar to the previous issue but affects images built with Nutanix, OVA, QEMU, or raw providers. Details about this vulnerability can be found on GitHub.
Users are advised to update to Kubernetes Image Builder version 0.1.38 or later to ensure they receive all the necessary patches and avoid potential risks. If an immediate update is not possible, users can disable the builder account on affected virtual machines using the command: usermod -L builder.
Share your thoughts in the comments section below.
Stolarz, Leafs blank Bruins minus injured Matthews
November’s PS Plus Monthly Games are ready to download
Meet the startup that just won the Pentagon’s first AI defense contract
Google Pixel Watch 5 Might Get a Powerful Upgrade
here’s everything you need to know
Vietjet reports impressive revenue and profits in first 9 months of 2024, BA
200 Bangladeshis abducted during Hasina regime still missing: inquiry
Enshrouded’s “largest update so far” is out with a new mountain region, pets and single-player pausing
The best games on Xbox Game Pass (November 2024)
Bug causes Galaxy Watch 7 to vibrate for no reason
The Top 20 Motivational Instagram Accounts to Follow (2024)
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
Singapore Airlines CEO set to join board of Air India, BA News, BA
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
Satisfy Your Meat and BBQ Cravings While in Texas
Mastering data privacy in the age of AI
15 of the Best Trike & Tricycles Mums Recommend
Soccer team’s drone at center of Paris Olympics spying scandal
Our new fixed tours are your ultimate Aussie & Kiwi adventure!
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Motivation5 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Tech News5 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Destination1 month agoSingapore Airlines CEO set to join board of Air India, BA News, BA
-
Self Development5 months agoDon’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Guides & Tips4 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Tech News3 months agoMastering data privacy in the age of AI
-
Toys5 months ago15 of the Best Trike & Tricycles Mums Recommend
-
Tech News3 months agoSoccer team’s drone at center of Paris Olympics spying scandal