Image Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:image_builder:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Image Builder (f03cfd33-059c-5605-a418-e0d0ebc8a609) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7342 |
vulnerable | 2026-06-03 15:12:30.962953 |
VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
HIGH (7.5)
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress.
Published: 2025-08-17T23:03:56.571Z
Updated: 2025-11-04T21:14:52.844Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9594 |
vulnerable | 2026-06-03 14:58:22.214398 |
VM images built with Image Builder with some providers use default credentials during builds
MEDIUM (6.3)
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring.
Published: 2024-10-15T20:37:01.308Z
Updated: 2024-10-16T16:21:56.147Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9486 |
vulnerable | 2026-06-03 14:58:21.984813 |
VM images built with Image Builder and Proxmox provider use default credentials
CRITICAL (9.8)
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.
Published: 2024-10-15T20:33:43.138Z
Updated: 2024-10-16T18:56:40.632Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.