CVE-2024-9486 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-9486 Interim 1 13 2026-03-05T02:54:56Z current 2024-11-02T00:40:38Z 2026-03-05T02:54:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-9486 A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2024-November/019776.html E-Mail link for SUSE-SU-2024:3911-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3GBL6IN35EDC2YQIKBPTX7XQQ67KRPAM/ E-Mail link for openSUSE-SU-2024:0350-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTEQAM75LF5DZCFX3MOH4IT3DWP5ZTL6/ E-Mail link for openSUSE-SU-2024:14447-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE SUSE Linux Enterprise Server 16.0 openSUSE Tumbleweed govulncheck-vulndb-0.0.20241030T212825-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 less-633-3.1 less-633-3.1 as a component of Container suse/sl-micro/6.0/baremetal-os-container:latest less-633-3.1 as a component of Container suse/sl-micro/6.0/toolbox:latest less-633-3.1 as a component of Image SL-Micro less-633-3.1 as a component of Image SL-Micro-Base less-633-3.1 as a component of Image SL-Micro-Base-RT less-633-3.1 as a component of Image SL-Micro-Base-RT-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-RT-encrypted less-633-3.1 as a component of Image SL-Micro-Base-SelfInstall less-633-3.1 as a component of Image SL-Micro-Base-encrypted less-633-3.1 as a component of Image SL-Micro-Base-qcow less-633-3.1 as a component of Image SL-Micro-Default less-633-3.1 as a component of Image SL-Micro-Default-SelfInstall less-633-3.1 as a component of Image SL-Micro-Default-encrypted less-633-3.1 as a component of Image SL-Micro-Default-qcow less-633-3.1 as a component of Image SLE-Micro less-633-3.1 as a component of Image SLE-Micro-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS less-633-3.1 as a component of Image SLE-Micro-BYOS-Azure less-633-3.1 as a component of Image SLE-Micro-BYOS-EC2 less-633-3.1 as a component of Image SLE-Micro-BYOS-GCE less-633-3.1 as a component of Image SLE-Micro-EC2 less-633-3.1 as a component of Image SLE-Micro-GCE govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20241030T212825-1.1 as a component of openSUSE Tumbleweed A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider. CVE-2024-9486 Container suse/sl-micro/6.0/baremetal-os-container:latest:less-633-3.1 Container suse/sl-micro/6.0/toolbox:latest:less-633-3.1 Image SL-Micro:less-633-3.1 Image SL-Micro-Base:less-633-3.1 Image SL-Micro-Base-RT:less-633-3.1 Image SL-Micro-Base-RT-SelfInstall:less-633-3.1 Image SL-Micro-Base-RT-encrypted:less-633-3.1 Image SL-Micro-Base-SelfInstall:less-633-3.1 Image SL-Micro-Base-VMware:less-633-3.1 Image SL-Micro-Base-encrypted:less-633-3.1 Image SL-Micro-Base-qcow:less-633-3.1 Image SL-Micro-Default:less-633-3.1 Image SL-Micro-Default-SelfInstall:less-633-3.1 Image SL-Micro-Default-VMware:less-633-3.1 Image SL-Micro-Default-encrypted:less-633-3.1 Image SL-Micro-Default-qcow:less-633-3.1 Image SLE-Micro:less-633-3.1 Image SLE-Micro-Azure:less-633-3.1 Image SLE-Micro-BYOS:less-633-3.1 Image SLE-Micro-BYOS-Azure:less-633-3.1 Image SLE-Micro-BYOS-EC2:less-633-3.1 Image SLE-Micro-BYOS-GCE:less-633-3.1 Image SLE-Micro-EC2:less-633-3.1 Image SLE-Micro-GCE:less-633-3.1 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241030T212825-1.1 critical 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H