{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-9594",
"ASSIGNER": "security@kubernetes.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable only during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image while the build was occurring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kubernetes",
"product": {
"product_data": [
{
"product_name": "Image Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "0.1.37",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.1.38"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/128007",
"refsource": "MISC",
"name": "https://github.com/kubernetes/kubernetes/issues/128007"
},
{
"url": "https://github.com/kubernetes-sigs/image-builder/pull/1596",
"refsource": "MISC",
"name": "https://github.com/kubernetes-sigs/image-builder/pull/1596"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"value": "Rebuild any affected images using a fixed version of Image Builder (v0.1.38 or later). Re-deploy the fixed images to any affected VMs. If an attacker could have reached the build VM while an affected image was being built, treat the images produced by that build as potentially compromised rather than merely rebuilt.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>Rebuild any affected images using a fixed version of Image Builder (v0.1.38 or later). Re-deploy the fixed images to any affected VMs. If an attacker could have reached the build VM while an affected image was being built, treat the images produced by that build as potentially compromised rather than merely rebuilt.</p>"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nicolai Rybnikar @rybnico from Rybnikar Enterprises GmbH."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "MEDIUM",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"
}
]
}
}