- Description
- A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.
- Source
- jordan@liggitt.net
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
A security vulnerability (CVE-2024-9486) has been discovered in Kubernetes Image Builder. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/oRqsRF0s98
@CERTAzerbaijan
30 Oct 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (CVE-2024-9486) https://t.co/k577prsZT8 #patchmanagement
@eyalestrin
21 Oct 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kubernetes Image Builder vulnerability (CVE-2024-9486) CVSS 9.8 Critical. In versions v0.1.37 and earlier, default credentials are enabled during image build. Kubernetes nodes that use VM images built with the Proxmox provider may be exposed to unauthorized access. https://t.co/sMYXAC5NLi
@t_nihonmatsu
21 Oct 2024
287 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw. With a CVSS score of 9.8, this flaw lets attackers exploit default credentials to take over virtual machines using certain image builds. Read: https://the... https://t.co/vBLdb2n7KL
@IT_news_for_all
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kubernetes Image Builder Vulnerability (CVE-2024-9486) – Critical Security Flaw and Remediation Methods https://t.co/gCayGTLv6r
@cyberwebeyeos
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability was discovered in Kubernetes (CVE-2024-9486) that allows unauthorized SSH access with root privileges to virtual machines created with Kubernetes Image Builder version 0.1.37, due to the use of default credentials. https://t.co/caDSnu85U8
@ElliotSecOps
1146 Impressions
6 Retweets
37 Likes
5 Bookmarks
1 Reply
0 Quotes
Kubernetes fixes Critical Vulnerability CVE-2024-9486 #Kubernetes #CVE-2024-9486 https://t.co/JzwWcoZug7
@pravin_karthik
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw in Kubernetes Image Builder (CVE-2024-9486, CVSS 9.8) could allow root access via default credentials. Only clusters using specific VM images are affected. Update to v0.1.38 to mitigate this issue. #Kubernetes #CyberSecurity https://t.co/ReQBQeiTBZ
@Cyber_O51NT
153 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 A critical security vulnerability has been disclosed in Kubernetes Image Builder that can be exploited to gain root access. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), was addressed in version 0.1.38. Nicolai Rybnikar was credited with discovering and reporting the vulnerability. #الامن_السيبراني https://t.co/Ipl5EysJEW
@cyberetweet
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials https://t.co/QxMTZ2a6ot #patchmanagement
@eyalestrin
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability CVE-2024-9486 (rated 9.8 by CVSS): A security flaw in the Kubernetes Image Builder allows root access to Virtual Machines. Details: https://t.co/i6J1faG1dx #cybersecurity #infosec #infosecurity
@vipr_lab
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw. With a CVSS score of 9.8, this flaw allows attackers to exploit default credentials to take control of virtual machines using certain image builds. Read: https://t.co/rx24Qq2OLM
@CERT_Arabic
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw. With a CVSS score of 9.8, this flaw lets attackers exploit default credentials to take over virtual machines using certain image builds. Read: https://t.co/GEJyxvgo8i #cybersecurity
@TheHackersNews
45573 Impressions
38 Retweets
94 Likes
23 Bookmarks
1 Reply
1 Quote
CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access https://t.co/LDdp0Kx29v
@Dinosn
3961 Impressions
19 Retweets
72 Likes
19 Bookmarks
0 Replies
0 Quotes
A vulnerability identified as CVE-2024-9486 has been published for Kubernetes that allows hackers to connect over ssh to a virtual machine created by Kubernetes. This vulnerability exists in Kubernetes Image Builder version 0.1.37 and earlier. https://t.co/Y2P1U3eX7Y ht
@AmirHossein_sec
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C86E5438-1480-4C06-9A5E-C96F0756E07B",
            "versionEndExcluding": "0.1.38"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]