CVE-2024-9594

Description

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder

How to fix CVE-2024-9594

To remediate CVE-2024-9594, upgrade the affected package to a fixed version below.

• Go/github.com/kubernetes-sigs/image-builder—upgrade to 0.1.38 or later
• —upgrade to 0.1.38 or later

Is CVE-2024-9594 being exploited?

Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.1.38
• from 0, < 0.1.38

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-9594
• WEBgithub.com/kubernetes/kubernetes/issues/128007
• WEBgithub.com/kubernetes-sigs/image-builder/pull/1596
• WEBgroups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ