A significant security vulnerability has emerged within the Kubernetes Image Builder, posing a risk of unauthorized root access under specific conditions. The flaw, identified as CVE-2024-9486 and rated with a critical CVSS score of 9.8, has been resolved in the latest release, version 0.1.38. The vulnerability was reported by security researcher Nicolai Rybnikar.

Joel Smith from Red Hat warned that the Kubernetes Image Builder’s default credential settings during the image build process could potentially allow unauthorized access. In particular, images created with the Proxmox provider fail to deactivate these default credentials, making any running nodes susceptible to exploitation.

The vulnerability affects Kubernetes clusters that rely on virtual machine (VM) images produced by the Image Builder project with the Proxmox provider. In the immediate term, it is recommended that users deactivate the builder account on impacted VMs and rebuild the affected images with a fixed version of the Image Builder before redeploying them.

The Kubernetes team has implemented safeguards to generate a random password during the image building process, eliminating reliance on default credentials. Additionally, the builder account will be disabled upon completion of the image build.
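The mitigation and the fix described above both come down to one property on a node: the builder account must no longer have a usable password. The following audit helper is an added example (not code from the Kubernetes Image Builder project) that checks that property by parsing an /etc/shadow-style file; the account name "builder" is taken from the advisory, and the shadow file path is a parameter so the check can be run against a copied file or a constructed sample.

```shell
#!/bin/sh
# Added audit helper, not part of the Kubernetes Image Builder project.
# Reports whether an account in an /etc/shadow-style file still has a usable
# password. Exit status: 0 = account absent or locked, 1 = active password,
# 2 = empty password field (login without a password may be possible).
audit_builder_account() {
    account="${1:-builder}"        # "builder" is the account named in the advisory
    shadow_file="${2:-/etc/shadow}" # assumption: standard shadow file location

    # Field 2 of /etc/shadow holds the password hash. A leading "!" or "*"
    # means the password is locked/disabled; an empty field means no password.
    pw_field="$(awk -F: -v u="$account" \
        '$1 == u { print $2; found = 1 }
         END { if (!found) print "__absent__" }' "$shadow_file")"

    case "$pw_field" in
        __absent__) echo "$account: not present";                          return 0 ;;
        "")         echo "$account: EMPTY password field, disable account"; return 2 ;;
        '!'*|'*'*)  echo "$account: locked";                               return 0 ;;
        *)          echo "$account: ACTIVE password, lock it (usermod -L $account)"; return 1 ;;
    esac
}

# Constructed sample shadow file for demonstration only; the hashes are fake.
SAMPLE="$(mktemp)"
printf '%s\n' \
    'root:$6$saltsalt$fakehash:19600:0:99999:7:::' \
    'builder:$6$buildsalt$fakehashvalue:19600:0:99999:7:::' \
    'nobody:*:19600:0:99999:7:::' > "$SAMPLE"

audit_builder_account builder "$SAMPLE" || echo "exit status $? for the sample image"
audit_builder_account nobody "$SAMPLE"
rm -f "$SAMPLE"
```

On a real node, run it as root against /etc/shadow; a non-zero exit status means the image predates the fix or the account was never disabled.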

Notably, version 0.1.38 of the Kubernetes Image Builder also addresses a related issue, CVE-2024-9594, which has a lower CVSS score of 6.3. This issue concerns the same default credentials in images built with the Nutanix, OVA, QEMU, or raw providers. The reduced severity reflects the fact that these VMs are only at risk if an attacker can reach the VM during the image build process.

This development coincides with the release of critical patches from Microsoft addressing three security vulnerabilities in its Dataverse, Imagine Cup, and Power Platform products. These flaws, which could result in privilege escalation and sensitive data disclosure, stem from improper authentication and access control, and each carries its own CVSS score.

Additionally, a severe vulnerability was recently disclosed in the widely used Apache Solr open-source enterprise search engine, tracked as CVE-2024-45216 with a critical score of 9.8. This vulnerability could allow authentication bypass on affected systems.

For businesses relying on Kubernetes technologies, the implications of this vulnerability are significant. The risk reflects potential adversary tactics associated with initial access, privilege escalation, and persistence as outlined in the MITRE ATT&CK framework. It is essential for organizations to remain vigilant, implement recommended security measures, and promptly update systems to mitigate risks associated with these vulnerabilities.

As the landscape of cybersecurity continues to evolve, staying informed is critical. Companies are encouraged to follow updates from authoritative sources to safeguard their assets against potential threats.