### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

# Ayarlar ve Ortam Değişkenleri { #settings-and-environment-variables }

Birçok durumda uygulamanızın bazı harici ayarlara veya konfigürasyonlara ihtiyacı olabilir; örneğin secret key'ler, veritabanı kimlik bilgileri, e-posta servisleri için kimlik bilgileri vb.

Bu ayarların çoğu değişkendir (değişebilir); örneğin veritabanı URL'leri. Ayrıca birçoğu hassas olabilir; örneğin secret'lar.

labels.ldap_memberof_attribute=memberOf Attribute
labels.notification_login=Login Page
labels.notification_search_top=Search Top Page
labels.storage_endpoint=Endpoint
labels.storage_access_key=Access Key
labels.storage_secret_key=Secret Key
labels.storage_bucket=Bucket
labels.storage_type=Type
labels.storage_type_auto=Auto
labels.storage_type_s3=S3
labels.storage_type_gcs=GCS
labels.storage_region=Region
labels.storage_project_id=Project ID

                  .build()
            }
          })
          .build()

      fun run() {
        val request = Request.Builder()
            .url("http://publicobject.com/secrets/hellosecret.txt")
            .build()
      }
    ```

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

            source.put("url", "http://evil.com/secret.html");
            source.put("content", "should not be written outside");

            indexExportJob.exportDocument(source, tempDir.toString(), Collections.emptySet(), new HtmlIndexExportFormatter());

            assertFalse(Files.exists(outsideDir.resolve("secret.html")), "File must not be written outside base directory via symlink");

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL

labels.ldap_security_authentication=Security Authentication
labels.ldap_initial_context_factory=Initial Context Factory
labels.general_menu_oic=OpenID Connect
labels.oic_client_id=Client ID
labels.oic_client_secret=Client Secret
labels.oic_auth_server_url=Authorization Server URL
labels.oic_token_server_url=Token Server URL
labels.oic_redirect_url=Redirect URL
labels.oic_scope=Scope
labels.oic_base_url=Base URL