
Xingxing Xia

#20081 of 53,635
12.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2024-16834
4.9
2024-11-15
Unknown · Oauth-Server · CVE-2024-11217
**Name of the Vulnerable Software and Affected Versions**
OAuth-server (affected versions not specified)

**Description**
A weakness was found in the OAuth-server, where it logs the OAuth2 client secret when the logLevel is set to Debug or higher for certain login options, including OIDC, GitHub, GitLab, and Google IDPs.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-16844
8.0
2023-09-24
Kubernetes · Kube-Apiserver · CVE-2023-1260
**Name of the Vulnerable Software and Affected Versions**
kube-apiserver (affected versions not specified)

**Description**
An authentication bypass issue was discovered in kube-apiserver, allowing a remote, authenticated attacker with `update, patch` permissions on the `pods/ephemeralcontainers` subresource to potentially evade SCC admission restrictions. This could enable them to gain control of a privileged pod by creating a new pod or patching an existing one they have access to.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.