A critical security flaw has been found in the Kubernetes Image Builder that could allow attackers to gain root access. The vulnerability has been fixed in version 0.1.38. Temporary mitigations include disabling the builder account and rebuilding affected images. Other critical vulnerabilities have also been disclosed, including in Microsoft Dataverse, Imagine Cup, and Power Platform, as well as in the Apache Solr enterprise search engine. These vulnerabilities have been addressed in the respective software updates.
We do not own the rights to this content & no infringement intended, CREDIT: The Original Source: thehackernews.com
Trendzz Only Comment:
The article reports a critical security flaw in the Kubernetes Image Builder that could lead to root access in certain circumstances. The vulnerability, identified as CVE-2024-9486, has been fixed in version 0.1.38. The article also mentions related issues with other providers, which have been addressed in the latest version of the Image Builder. Temporary mitigations include disabling the builder account on affected VMs and rebuilding images using the fixed version. The article also highlights similar vulnerabilities in Microsoft products and Apache Solr. The overall tone of the article is informative, warning users about potential risks and providing solutions to mitigate them.