A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

**Affected Versions**:
  - kube-apiserver v1.29.0 - v1.29.3
  - kube-apiserver v1.28.0 - v1.28.8
  - kube-apiserver <= v1.27.12