"Critical Kubernetes Image Builder Flaw Gives SSH Root Access to VMs"

A critical vulnerability in Kubernetes could enable unauthorized SSH access to a Virtual Machine (VM) that is running an image created with Kubernetes Image Builder. The Kubernetes Image Builder project lets users create VM images for Cluster API (CAPI) providers running the Kubernetes environment, such as Proxmox or Nutanix. These VMs are used to set up nodes that will become part of a Kubernetes cluster. The vulnerability stems from default credentials being enabled during image-building and not being disabled after the process. Therefore, a threat actor could connect over an SSH connection and then use these credentials to gain access with root privileges to VMs. This article continues to discuss the potential exploitation and impact of the critical Kubernetes Image Builder flaw.

BleepingComputer reports "Critical Kubernetes Image Builder Flaw Gives SSH Root Access to VMs"

Submitted by grigby1
 

Submitted by Gregory Rigby on