Security News > 2024 > October > Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
2024-10-17 05:18
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue
News URL
https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html
Related news
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical Cisco ISE bug can let attackers run commands as root (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9486 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. | 9.8 |