
Jeffrey

#17420 of 53,630
15.4 Total CVSS
Vulnerabilities · 2
High
2
PT-2023-27371
7.8
2023-08-13
Gnu · Gnu Inetutils · CVE-2023-40303
**Name of the Vulnerable Software and Affected Versions** GNU inetutils versions prior to 2.5

**Description** The issue allows privilege escalation due to unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

**Recommendations** For GNU inetutils versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the set*id() family functions in the affected services until a patch is available.

PT-2022-9683
7.6
2022-05-06
Unknown · Ingress-Nginx · CVE-2021-25746
**Name of the Vulnerable Software and Affected Versions** ingress-nginx (affected versions not specified)

**Description** A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.