Critical Security Flaw: Attackers Can Exploit Kubernetes as Root
A recently disclosed vulnerability in the Kubernetes Image Builder allows it, under certain configurations, to produce virtual machine (VM) images that contain static default credentials. Because those credentials grant root-level access, an adversary who knows them gains a significant degree of control over any machine running such an image. Administrators are therefore urged to rebuild and redeploy existing images to close the gap.
The Security Risk
Kubernetes is a well-known platform for managing containerized applications, and the newly reported issue affects its Image Builder, the tool used to produce VM images for cluster nodes. The vulnerability, found when Nutanix or Proxmox is used to build those images, stems from static credentials baked into the build that an attacker can use to obtain root access over SSH. The Proxmox case is the more severe one, because the credentials remain embedded in the finished image, and it therefore carries a "critical" rating (CVE-2024-9486). The Nutanix variant (CVE-2024-9594) instead requires an attacker to interfere with the image build process itself, which makes it somewhat less critical.
Securing Your Systems
Fortunately, no active exploitation has been reported so far. To address the issue, the project has released Kubernetes Image Builder version 0.1.38, which fixes both vulnerabilities: the updated builder generates a random password for the build and disables the default builder account once image creation is complete. It is crucial to note, however, that the patch does not repair VM images that were already built. Administrators need to delete those images and rebuild them with the updated Image Builder to be secure.
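Since the patch does not touch images that already exist, the practical question for an administrator is whether a given node still carries a live default builder account. The following shell function is an added example, not code from the advisory or the Image Builder project; it reads a shadow(5)-style file and reports whether the builder account is absent, locked, or still active, assuming the account is literally named `builder` (the page names only "the default builder account"):

```shell
# Added example, not code from the advisory or the Image Builder project.
# Reports the state of the default builder account in a shadow(5)-style file:
#   absent  - no such account
#   locked  - password field empty, or starts with "!" or "*"
#   active  - a usable password hash is still present (exit status 1)
# Assumption: the account is literally named "builder" (override with $2).
builder_account_state() {
    shadow_file="$1"
    account="${2:-builder}"
    entry=$(grep "^${account}:" "$shadow_file" 2>/dev/null | head -n 1)
    if [ -z "$entry" ]; then
        echo "absent"
        return 0
    fi
    pwhash=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$pwhash" in
        ''|'!'*|'*'*) echo "locked"; return 0 ;;
        *)            echo "active"; return 1 ;;
    esac
}

# Writes a constructed shadow file (not real data) so the check can be run
# offline, and prints its path. $1 selects the builder entry to include:
# "active" (live hash), "locked" (hash prefixed with "!"), or "absent".
make_sample_shadow() {
    f=$(mktemp)
    printf 'root:*:19700:0:99999:7:::\n' > "$f"
    case "$1" in
        active) printf 'builder:$6$constructedsalt$constructedhash:19700:0:99999:7:::\n' >> "$f" ;;
        locked) printf 'builder:!$6$constructedsalt$constructedhash:19700:0:99999:7:::\n' >> "$f" ;;
    esac
    echo "$f"
}

# On a real node, run it against the system file; a non-zero exit means the
# image predates the fix and should be rebuilt with Image Builder 0.1.38:
#   builder_account_state /etc/shadow || echo "rebuild this image"
```

An "active" result on a node means the image should be rebuilt, not just patched in place.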
For further details, see the official Kubernetes security advisory.
This information was initially reported by heise online.