CVE-2024-9486
Linux openSUSE vulnerability analysis and mitigation

Overview

A critical security vulnerability (CVE-2024-9486) was discovered in Kubernetes Image Builder versions <= v0.1.37, where default credentials remain enabled during the image build process. The vulnerability, which received a CVSS score of 9.8, specifically affects virtual machine images built using the Proxmox provider. The issue was discovered and reported by Nicolai Rybnikar from Rybnikar Enterprises GmbH and was fixed in version 0.1.38 (Kubernetes Advisory, NVD).

Technical details

The vulnerability stems from a security flaw where default credentials remain enabled and accessible after the image build process when using the Proxmox provider. These credentials can be used to gain root access to affected virtual machines. The issue received a Critical CVSS v3.1 score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating its severe nature. The vulnerability is specifically tied to the builder account that remains active after the image creation process (Hacker News).

Impact

The vulnerability allows unauthorized users to gain SSH access to node VMs that use images built with the affected versions of Kubernetes Image Builder's Proxmox provider. The credentials can be used to obtain root access to the affected systems, potentially compromising the entire node. Only Kubernetes clusters using VM images created via the Image Builder project with its Proxmox provider are affected (Security Online).

Mitigation and workarounds

Users are advised to rebuild any affected images using Image Builder version 0.1.38 or later and redeploy these fixed images to affected VMs. As a temporary mitigation, the vulnerability can be addressed by disabling the builder account on affected VMs using the command 'usermod -L builder'. The fixed version implements two key changes: setting a randomly-generated password for the duration of the image build and disabling the builder account at the conclusion of the image build process (Kubernetes PR).
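As an added example (not code from the advisory or from the Image Builder project), the following POSIX shell helper checks whether the leftover builder account is still usable by reading its /etc/shadow password field, and applies the interim workaround named above, usermod -L builder, only when it is. The function names, exit codes and sample shadow entries are this example's own; the hashes are placeholders.

```shell
#!/bin/sh
# Added example for CVE-2024-9486 (not from the advisory or the project):
# classify the "builder" account's login state and apply the workaround.

# builder_state SHADOW_TEXT
# Prints "missing", "locked" or "enabled" from the builder entry's password
# field. A field beginning with '!' or '*' is locked; anything else, including
# an empty field (no password required), still permits password login.
builder_state() {
  field=$(printf '%s\n' "$1" | awk -F: '$1 == "builder" { print $2; found = 1 }
                                         END { if (!found) print "__missing__" }')
  case "$field" in
    __missing__) echo missing ;;
    '!'* | '*'*) echo locked ;;
    *)           echo enabled ;;
  esac
}

# Constructed sample shadow contents; hashes are placeholders, not credentials.
SHADOW_AFFECTED='root:$6$placeholder:19700:0:99999:7:::
builder:$6$placeholderhash:19700:0:99999:7:::'
# After "usermod -L builder" the hash is prefixed with '!'.
SHADOW_LOCKED='root:$6$placeholder:19700:0:99999:7:::
builder:!$6$placeholderhash:19700:0:99999:7:::'

# lock_builder_if_enabled: on a live node, read /etc/shadow (needs root) and
# lock the account only when it is still enabled. Returns 2 if unreadable.
lock_builder_if_enabled() {
  shadow=$(cat /etc/shadow 2>/dev/null) ||
    { echo "cannot read /etc/shadow (run as root)" >&2; return 2; }
  case "$(builder_state "$shadow")" in
    enabled) usermod -L builder && echo "builder account locked" ;;
    locked)  echo "builder account already locked" ;;
    missing) echo "no builder account present" ;;
  esac
}

# Stand-alone demonstration on the constructed samples (does not touch the host).
echo "sample affected image:   $(builder_state "$SHADOW_AFFECTED")"
echo "sample after workaround: $(builder_state "$SHADOW_LOCKED")"
```

Run lock_builder_if_enabled as root on a node built from an affected image; rebuilding with Image Builder 0.1.38 or later remains the actual fix.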

This report was generated using AI.
