"A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process," Red Hat's Joel Smith said in an alert.
"Additionally, virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access."
As temporary mitigations, it has been advised to disable the builder account on affected VMs. Users are also recommended to rebuild affected images using a fixed version of Image Builder and redeploy them on VMs.
The fix put in place by the Kubernetes team eschews the default credentials for a randomly-generated password that's set for the duration of the image build. In addition, the builder account is disabled at the end of the image build process.
Collection
[
|
...
]