---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in Kubernetes'
number: '2024-112'
version: '1.0'
original_date: '2024-10-14'
date: '2024-10-17'
---

_History:_

* _17/10/2024 --- v1.0 -- Initial publication_

# Summary

On October 14, 2024, Kubernetes released a security advisory addressing a critical vulnerability affecting the Kubernetes Image Builder project [1,2]. It is recommended to update the Kubernetes Image Builder, and to redeploy or mitigate Virtual Machines (VMs) created by the vulnerable Kubernetes Image Builder.

# Technical Details

The flaw affects Kubernetes Image Builder version 0.1.37 and earlier. It enables root access via SSH using default credentials on VMs built with the vulnerable version of Kubernetes Image Builder [2].

For images built with the Proxmox provider, the vulnerability has been assigned `CVE-2024-9486`, with a CVSS score of 9.8.

For images built with the Nutanix, OVA, QEMU or raw providers, the vulnerability has been assigned `CVE-2024-9594`, with a CVSS score of 6.3.

# Affected Products

This flaw affects:

- Kubernetes Image Builder v0.1.37 and earlier;
- VM images built with the vulnerable version of Kubernetes Image Builder.

# Recommendations

It is strongly recommended to update the Kubernetes Image Builder and to redeploy VMs created by the vulnerable Kubernetes Image Builder.

## Mitigations

It is possible to mitigate the vulnerability in affected VMs by disabling the `builder` account:

`usermod -L builder`

## Detection

The Linux command `last builder` can be used to view logins to the affected `builder` account.

# References

[1]

[2]
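The mitigation and detection steps above can be combined into one audit script for a VM built from an affected image. The script below is an added example and is not part of the CERT-EU advisory or of the Kubernetes Image Builder project. It assumes a Linux guest with shadow-utils (`getent`, `passwd`, `usermod`) and `last` backed by `/var/log/wtmp`, and that it is run as root when auditing a real host; the `last` output embedded in it is constructed sample data so the parsing functions can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the CERT-EU advisory: audit the `builder` account on a
# VM built with Kubernetes Image Builder, report whether its password is locked,
# warn if key-based SSH logins would still be possible, count recorded logins,
# and lock the account on request. Root is required to read /etc/shadow and to lock.

ACCOUNT="${ACCOUNT:-builder}"

# shadow_locked ENTRY: succeed (0) if the password field of one /etc/shadow line
# is locked. `usermod -L` locks by prefixing the hash with '!'; a '*' (or any
# other invalid hash) also disables password authentication.
shadow_locked() {
    hash=$(printf '%s' "$1" | cut -d: -f2)
    case "$hash" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# count_logins OUTPUT USER: count session lines for USER in `last` output,
# skipping blank lines and the trailing "wtmp begins ..." footer.
count_logins() {
    printf '%s\n' "$1" | awk -v u="$2" '$1 == u { n++ } END { print n + 0 }'
}

audit_account() {
    entry=$(getent shadow "$ACCOUNT" 2>/dev/null) || entry=""
    if [ -z "$entry" ]; then
        echo "no readable shadow entry for '$ACCOUNT' (account absent, or not running as root)"
        return 0
    fi
    if shadow_locked "$entry"; then
        echo "account '$ACCOUNT': password locked"
    else
        echo "account '$ACCOUNT': password NOT locked; run 'usermod -L $ACCOUNT'"
    fi
    # Locking the password does not affect key-based SSH logins, so report keys too.
    home=$(getent passwd "$ACCOUNT" | cut -d: -f6)
    if [ -n "$home" ] && [ -s "$home/.ssh/authorized_keys" ]; then
        echo "warning: $home/.ssh/authorized_keys present; key-based logins remain possible"
    fi
    history=$(last "$ACCOUNT" 2>/dev/null)
    echo "logins recorded in wtmp for '$ACCOUNT': $(count_logins "$history" "$ACCOUNT")"
}

# Constructed sample `last builder` output (not real data) used to exercise
# count_logins without touching the host's wtmp.
SAMPLE_LAST='builder  pts/0    10.0.0.5   Mon Oct 14 09:12   still logged in
builder  pts/1    10.0.0.7   Sun Oct 13 21:03 - 21:40  (00:37)

wtmp begins Tue Oct  1 00:00:01 2024'

case "${1:-}" in
    --audit) audit_account ;;
    --lock)  usermod -L "$ACCOUNT" && echo "locked '$ACCOUNT'" ;;
    *)
        echo "usage: $0 --audit | --lock"
        echo "sample data: $(count_logins "$SAMPLE_LAST" builder) logins for builder"
        ;;
esac
```

Run `sh audit-builder.sh --audit` on a suspect VM to get the lock state, a key-login warning and the login count in one pass, then `--lock` to apply the advisory's `usermod -L builder` mitigation. Note that `last` only sees what is still in `/var/log/wtmp`; if the file has been rotated or cleared, the count will understate the history, so a zero should not be read as proof that the account was never used.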