Ginoah

**Name of the Vulnerable Software and Affected Versions** Team+ versions 13.5.x **Description** The issue arises from the improper validation of a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. This can lead to unauthorized data access. **Recommendations** For version 13.5.x, apply the available patch to fix the issue and monitor for potential exploit development. Assess exposure and apply defense-in-depth measures to minimize the risk of exploitation. As a temporary workaround, consider restricting access to sensitive system files and directories until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx (affected versions not specified) **Description** The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker to execute arbitrary code or elevate privileges using the `log format` directive. The `path` sanitization in ingress-nginx can be bypassed with the `log format` directive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.