Critical Vulnerability in Kubernetes Image Builder

Kubernetes has released security updates addressing a critical vulnerability (CVE-2024-9486) in Kubernetes Image Builder. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an attacker unauthorized secure shell access to a virtual machine that is running an image created with the Kubernetes Image Builder project.

The vulnerability affects the following products:

-  VM images built with the Proxmox provider on Image Builder version 0.1.37 or earlier.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119