Ethical Hacking News
A critical vulnerability has been discovered in the Kubernetes Image Builder, posing a significant risk to nodes in clusters using virtual machine images created via the Image Builder project with the Proxmox provider. The fix for this issue addresses default credentials by eschewing them for randomly-generated passwords during image builds and disabling builder accounts at the end of the process.
The Kubernetes Image Builder has a critical vulnerability (CVE-2024-9486) that poses a significant risk to nodes in clusters using virtual machine images created via the Image Builder project with the Proxmox provider. The vulnerability allows an attacker to gain root access on affected nodes if exploited successfully due to default credentials being enabled during the image build process. A fix has been implemented by eschewing default credentials for a randomly-generated password and disabling the builder account at the end of the image build process. The vulnerability only affects clusters using VM images created via the Image Builder project with Proxmox providers, while other providers are not impacted. An additional critical vulnerability (CVE-2024-45216) has been disclosed in Apache Solr, which could lead to an authentication bypass on susceptible instances. Microsoft has released server-side patches for three critical-rated flaws that could lead to privilege escalation and information disclosure.
The cybersecurity landscape is constantly evolving, with new vulnerabilities and threats emerging every day. In recent times, a critical vulnerability has been discovered in the Kubernetes Image Builder that poses a significant risk to nodes in clusters using virtual machine (VM) images created via the Image Builder project with the Proxmox provider. This vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), was disclosed by Red Hat's Joel Smith and acknowledged Nicolai Rybnikar for discovering and reporting the issue.
According to the alert issued by Red Hat, a security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. This vulnerability allows an attacker to gain root access on affected nodes if they can exploit it successfully. The impact of this vulnerability is significant, as clusters using the Proxmox provider may be exposed to root access risk due to the default credentials not being disabled.
The fix put in place by the Kubernetes team addresses this issue by eschewing the default credentials for a randomly-generated password that's set for the duration of the image build. Additionally, the builder account is disabled at the end of the image build process. This move ensures that the default credentials are no longer available to attackers, thereby mitigating the risk of root access.
However, this vulnerability does not affect all Kubernetes clusters equally. Clusters using VM images created via the Image Builder project with providers other than Proxmox are not impacted by this issue. Furthermore, Kubernetes clusters using the Nutanix, OVA, QEMU, or raw providers have a lower severity vulnerability (CVE-2024-9594) due to the fact that the VMs using these images are only affected "if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time of the image build."
In addition to this critical vulnerability, other security issues have been reported in recent times. A critical vulnerability has been disclosed in the Apache Solr open-source enterprise search engine (CVE-2024-45216, CVSS score: 9.8), which could pave the way for an authentication bypass on susceptible instances. This vulnerability affects Solr versions from 5.3.0 before 8.11.4, as well as from 9.0.0 before 9.7.0, and has been remediated in versions 8.11.4 and 9.7.0, respectively.
Microsoft has also released server-side patches for three critical-rated flaws Dataverse, Imagine Cup, and Power Platform that could lead to privilege escalation and information disclosure (CVE-2024-38139, CVE-2024-38204, and CVE-2024-38190). These vulnerabilities have a CVSS score of 8.7, 7.5, and 8.6 respectively.
In conclusion, the recent discovery of a critical vulnerability in the Kubernetes Image Builder highlights the importance of regular security audits and updates to prevent such issues from arising. Additionally, it is crucial for organizations to stay informed about emerging security threats and vulnerabilities to ensure that their systems are protected against potential risks.
Related Information:
https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html
https://www.cert.be/en/advisory/warning-fix-available-cve-2024-9486-rce-critical-vulnerability-kubernetes-imagebuilder
https://nvd.nist.gov/vuln/detail/CVE-2024-9486
https://www.cvedetails.com/cve/CVE-2024-9486/
https://nvd.nist.gov/vuln/detail/CVE-2024-9594
https://www.cvedetails.com/cve/CVE-2024-9594/
https://nvd.nist.gov/vuln/detail/CVE-2024-45216
https://www.cvedetails.com/cve/CVE-2024-45216/
https://nvd.nist.gov/vuln/detail/CVE-2024-38139
https://www.cvedetails.com/cve/CVE-2024-38139/
https://nvd.nist.gov/vuln/detail/CVE-2024-38204
https://www.cvedetails.com/cve/CVE-2024-38204/
https://nvd.nist.gov/vuln/detail/CVE-2024-38190
https://www.cvedetails.com/cve/CVE-2024-38190/
Published: Thu Oct 17 03:33:57 2024 by llama3.2 3B Q4_K_M
