Kubernetes · Kubernetes Image Builder · CVE-2024-9594
**Name of the Vulnerable Software and Affected Versions**
Kubernetes Image Builder versions <= v0.1.37
**Description**
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process when using certain providers, such as Nutanix, OVA, QEMU, or raw. An attacker who can reach the build VM while these credentials are active can use them to gain root access to the virtual machine. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project, and an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image while the build was occurring.
**Recommendations**
For Kubernetes Image Builder versions <= v0.1.37, consider disabling the default credentials during the image build process as a temporary workaround until a patch is available. Restrict access to the VM where the image build is happening to minimize the risk of exploitation. Avoid using the vulnerable providers, such as Nutanix, OVA, QEMU, or raw, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
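The precondition in the description is that someone other than the build orchestrator reaches the build VM while the default credentials exist. One way to check for that after the fact is to audit the build VM's sshd records for the build window. The script below is an added example, not code from the Kubernetes Image Builder project: it assumes rsyslog-style lines with an RFC3339 timestamp followed by the hostname and the sshd message, and the sample log, the hostname `build-vm`, the account names `packer`, `imgbuild` and `admin`, and the addresses are all constructed for the example. Any successful login inside the window that is not the orchestrator's own key-based connection from an allow-listed source is reported with the reason it was flagged.

```python
import re
from datetime import datetime

# Constructed sample sshd records from an image-build VM (not real data).
# Assumed format: RFC3339 timestamp, hostname, then the sshd message.
SAMPLE_AUTH_LOG = """\
2024-10-01T12:00:03+00:00 build-vm sshd[1201]: Accepted publickey for packer from 10.20.0.5 port 40112 ssh2: ED25519 SHA256:PLACEHOLDER
2024-10-01T12:04:17+00:00 build-vm sshd[1340]: Accepted password for imgbuild from 203.0.113.9 port 51234 ssh2
2024-10-01T12:04:20+00:00 build-vm sshd[1340]: pam_unix(sshd:session): session opened for user imgbuild(uid=1000) by (uid=0)
2024-10-01T12:09:41+00:00 build-vm sshd[1402]: Failed password for root from 203.0.113.9 port 51240 ssh2
2024-10-01T13:30:00+00:00 build-vm sshd[1900]: Accepted publickey for admin from 10.20.0.7 port 40200 ssh2
"""

# Matches only successful logins; failed attempts and PAM session lines are ignored.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[0-9.]+)"
)


def parse_accepted_logins(text):
    """Yield one dict per successful sshd login found in the log text."""
    for line in text.splitlines():
        m = ACCEPTED_RE.match(line)
        if m is None:
            continue
        yield {
            "ts": datetime.fromisoformat(m["ts"]),
            "method": m["method"],
            "user": m["user"],
            "ip": m["ip"],
        }


def flag_build_window_logins(text, build_start, build_end, expected_user, expected_sources):
    """Return logins inside [build_start, build_end] (ISO-8601 strings) that are
    not the build orchestrator's own key-based connection, with a reason each."""
    start = datetime.fromisoformat(build_start)
    end = datetime.fromisoformat(build_end)
    findings = []
    for login in parse_accepted_logins(text):
        if not (start <= login["ts"] <= end):
            continue  # outside the window in which the default credentials exist
        reasons = []
        if login["method"] != "publickey":
            reasons.append("non-key authentication during build")
        if login["user"] != expected_user:
            reasons.append("unexpected account")
        if login["ip"] not in expected_sources:
            reasons.append("source not in the orchestrator allow-list")
        if reasons:
            findings.append({**login, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Hypothetical build window and orchestrator details for the constructed sample.
    hits = flag_build_window_logins(
        SAMPLE_AUTH_LOG,
        "2024-10-01T11:58:00+00:00",
        "2024-10-01T12:30:00+00:00",
        expected_user="packer",
        expected_sources={"10.20.0.5"},
    )
    for h in hits:
        print(h["ts"].isoformat(), h["user"], h["ip"], h["method"], "; ".join(h["reasons"]))
```

On the constructed sample this reports the password login by `imgbuild` from 203.0.113.9 at 12:04:17 and nothing else: the orchestrator's own key-based login is expected, and the later `admin` login falls outside the build window. For a real pipeline, take the window from the build job's start and end times and the allow-list from the orchestrator's address.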