Summary
A vulnerability rated “critical” has been discovered in Kubernetes Image Builder: default credentials are enabled during the image build process. This vulnerability could allow elevation of privileges and/or bypassing of authentication mechanisms.
Risk
Estimated impact of the vulnerability on the reference community: MEDIUM/YELLOW (62.31/100)¹.
Type
- Authentication Bypass
- Elevation of Privilege
Affected products and/or versions
Kubernetes Image Builder, versions v0.1.37 and earlier
Mitigation actions
In line with the vendor's statements, apply the mitigation actions described in the security bulletin listed in the References section.
Unique Vulnerability Identifiers
References
https://github.com/kubernetes/kubernetes/issues/128006
¹ This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.