Suanve

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to 1.9.0 **Description** A security issue in ingress-nginx allows for arbitrary command execution due to annotation injection. This can be exploited by a remote attacker to execute arbitrary code or elevate privileges. The issue is related to errors in processing input data in the nginx.ingress.kubernetes.io/configuration-snippet controller. In multi-tenant environments where non-admin users have permissions to create Ingress objects, the impact is more significant. The estimated number of potentially affected devices is not provided. **Recommendations** For versions prior to 1.9.0, set the --enable-annotation-validation flag to enforce restrictions on the contents of ingress-nginx annotation fields. As a temporary workaround, consider restricting access to the `nginx.ingress.kubernetes.io/configuration-snippet` annotation to minimize the risk of exploitation. Update to version 1.9.0 or later to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Docker Desktop versions prior to 4.17.0 **Description** The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted malicious `docker-desktop://` URL. The vulnerability is related to inadequate data cleaning measures at the management level, which can be exploited to execute arbitrary commands. **Recommendations** For Docker Desktop versions prior to 4.17.0, update to version 4.17.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted `docker-desktop://` URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** KubePi versions prior to 1.6.4 **Description** The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no known workarounds. **Recommendations** For versions prior to 1.6.4, upgrade to version 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the API interfaces until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** KubeOperator versions 3.16.3 and below **Description** The issue allows unauthorized access to API interfaces, potentially leaking sensitive information and allowing takeover of the cluster under certain conditions. This is due to a flaw in handling routing permissions. **Recommendations** For versions 3.16.3 and below, upgrade to version 3.16.4 to resolve the issue. As a temporary workaround, consider restricting access to API interfaces until the upgrade is applied.