A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.
Kubernetes is an open-source platform that helps automate the deployment, scale, and operate virtual containers – lightweight environments for applications to run.
With Kubernetes Image Builder, users can create virtual machine (VM) images for various Cluster API (CAPI) providers, like Proxmox or Nutanix, that run the Kubernetes environment. These VMs are then used to set up nodes (servers) that become part of a Kubernetes cluster.
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.
Kubernetes is an open-source platform that helps automate the deployment, scale, and operate virtual containers – lightweight environments for applications to run.
With Kubernetes Image Builder, users can create virtual machine (VM) images for various Cluster API (CAPI) providers, like Proxmox or Nutanix, that run the Kubernetes environment. These VMs are then used to set up nodes (servers) that become part of a Kubernetes cluster.
If upgrading is not possible at this time, a temporary solution is to disable the builder account using the command:
usermod -L builder
More information about mitigation and how to check if your system is affected is available on this GitHub page.
The bulletin also warns that the same issue exists for images built with the Nutanix, OVA, QEMU or raw providers, but it has a medium-severity rating due to additional requirements for successful exploitation. The vulnerability is now identified as CVE-2024-9594.
Specifically, the flaw can only be exploited during the build process and requires an attacker to gain access to the image-creating VM and perform actions for the default credentials to persist, thus allowing future access to the VM.
The same fix and mitigation recommendation apply for CVE-2024-9594.
