Hard-Coded Credentials Vulnerability In Kubernetes Image Builder
A critical vulnerability has been addressed in the latest release of Kubernetes Image Builder. The vulnerability involved hard-coded credentials that could allow malicious actors to gain unauthorized access.
Kubernetes Image Builder Vulnerability
According to the latest advisory, two security issues have been patched in the latest Kubernetes Image Builder release.
One of these issues, identified as CVE-2024-9486, was caused by hard-coded credentials that were active during the image-building process. These credentials could be exploited to gain root access to nodes using the images, particularly when built with the Proxmox provider.
This vulnerability affected Kubernetes Image Builder versions v0.1.37 and earlier when built with the Proxmox provider. More details about this vulnerability can be found on GitHub.
To address the vulnerability, Kubernetes recommends rebuilding images using the patched Image Builder versions and deploying them to the virtual machines.
This critical vulnerability received a CVSS score of 9.8 and was initially discovered by security researcher Nicolai Rybnikar from Rybnikar Enterprises GmbH. The issue was promptly addressed by the project team, and a fix was released with Kubernetes Image Builder v0.1.38. Marcus Noble from the Image Builder project was acknowledged for patching the issue.
Furthermore, the same Image Builder release also fixed another security flaw, identified as CVE-2024-9594. This medium-severity vulnerability (CVSS 6.3) is similar to the previous issue but affects images built with Nutanix, OVA, QEMU, or raw providers. Details about this vulnerability can be found on GitHub.
Users are advised to update to Kubernetes Image Builder version 0.1.38 or later to ensure they receive all the necessary patches and avoid potential risks. If an immediate update is not possible, users can disable the builder account on affected virtual machines using the command: usermod -L builder.
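A way to check whether a node still needs the workaround above, as an added example that is not from the advisory or the Image Builder project: it reads a shadow(5)-format file and reports whether the builder account's password is locked. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an account's password state from a shadow(5)-format file.
# Prints one of: absent | locked | empty | active
account_state() {
    awk -F: -v u="${2:-builder}" '
        $1 == u {
            found = 1
            if ($2 == "")          state = "empty"    # no password set
            else if ($2 ~ /^[!*]/) state = "locked"   # usermod -L prefixes "!"
            else                   state = "active"   # usable password hash
        }
        END { print (found ? state : "absent") }
    ' "$1"
}

# Returns 0 when the builder account still needs `usermod -L builder`.
builder_needs_lock() {
    case $(account_state "$1" builder) in
        active|empty) return 0 ;;
        *)            return 1 ;;
    esac
}

# Constructed sample data (not real hashes): an image before and after the workaround.
write_sample() {
    cat > "$1" <<'EOF'
root:*:19000:0:99999:7:::
builder:$6$CONSTRUCTEDSALT$constructedhashvalue:19000:0:99999:7:::
EOF
    sed 's/^builder:/builder:!/' "$1" > "$2"
}

tmp=$(mktemp -d)
write_sample "$tmp/before" "$tmp/after"
for f in before after; do
    echo "$f: builder is $(account_state "$tmp/$f" builder)"
done
rm -rf "$tmp"
```

On a node, run it as root against the real file: `builder_needs_lock /etc/shadow && usermod -L builder`.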
