27 matches found
EUVD-2025-25147
Malicious code in bioql PyPI...
EUVD-2024-3002
Malicious code in bioql PyPI...
EUVD-2024-2994
Malicious code in bioql PyPI...
CVE-2025-9276
CVE-2025-9276 affects Cockroach Labs “cockroach-k8s-request-cert” container image. The flaw is in the system shadow file configuration, with a blank root password, enabling an authentication bypass over the network. Documented impact is high (authentication bypass; potential full access) and CVSS...
CVE-2025-9276 Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw...
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
CVE-2025-7342
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
CVE-2025-7342 VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
CVE-2025-7342
CVE-2025-7342 affects the Kubernetes Image Builder when using Nutanix or VMware OVA providers. During Windows image builds, default credentials are enabled, allowing root access. The credentials are disabled after the build. Affected clusters are those that use VM images created via the Image Bui...
CVE-2025-7342 VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...
MAL-2025-24148 Malicious code in k8s-image-extractor (npm)
The package k8s-image-extractor was found to contain malicious code...
Malicious code in k8s-image-extractor (npm)
The package k8s-image-extractor was found to contain malicious code...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine remotely...
PT-2025-30382 · Nutanix +1 · Kubernetes Image Builder Nutanix +1
Name of the Vulnerable Software and Affected Versions: Kubernetes Image Builder Nutanix affected versions not specified OVA providers affected versions not specified Description: VM images built with Kubernetes Image Builder Nutanix or OVA providers may use default credentials for Windows images ...
SUSE CVE-2024-9486
A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be...
Unauthorized Root Access
github.com/kubernetes-sigs/image-builder is vulnerable to Unauthorized Root Access. The vulnerability is due to default credentials being enabled during the image build process with the Nutanix, OVA, QEMU, or raw providers, which allows an attacker to gain root access if they reach the VM where t...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software relates to the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
A security issue was discovered in the Kubernetes Image Builder versions = v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusi...