### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT
AUTHORITY\Authenticated Users may be able to modify container logs.

**Affected Versions**:
  - kubelet <= 1.27.15
  - kubelet <= 1.28.11
  - kubelet <= 1.29.6
  - kubelet <= 1.30.2 

    }

    protected void registerModifiedProperty(String propertyName) {
        __modifiedProperties.addPropertyName(propertyName);
        registerSpecifiedProperty(propertyName); // synchronize if exists, basically for user's manual call
    }

    public void modifiedToSpecified() {
        if (__modifiedProperties.isEmpty()) {
            return; // basically no way when called in Framework (because called when SpecifyColumn exists)

    * `implicit`
    * `clientCredentials`
    * `authorizationCode`
  * Pero hay un "flujo" específico que puede usarse perfectamente para manejar la autenticación directamente en la misma aplicación:
    * `password`: algunos de los próximos capítulos cubrirán ejemplos de esto.

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts;C:\Windows\System32
```

これは、OSが他のディレクトリを探すより前に、最初に以下のディレクトリ中でプログラムを探し始めることを意味します：

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts
```

そのため、ターミナルで `python` と入力した際に、OSはPythonプログラムを以下のパスで発見し、使用します。

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts\python
```

////

  /**
   * As described in <a href="http://www.ietf.org/rfc/rfc3023.txt">RFC 3023</a>, this constant
   * ({@code application/xml}) is used for XML documents that are "unreadable by casual users."
   * {@link #XML_UTF_8} is provided for documents that may be read by users.
   *
   * @since 14.0
   */
  public static final MediaType APPLICATION_XML_UTF_8 = createConstantUtf8(APPLICATION_TYPE, "xml");

    announcement including an appropriate copyright notice and a notice
    that there is no warranty (or else, saying that you provide a
    warranty) and that users may redistribute the program under these
    conditions, and telling the user how to view a copy of this License.
    (Exception: if the Program itself is interactive but does not
    normally print such an announcement, your work based on the Program

### `**user_in.dict()`について

#### Pydanticの`.dict()`

`user_in`は`UserIn`クラスのPydanticモデルです。

Pydanticモデルには、モデルのデータを含む`dict`を返す`.dict()`メソッドがあります。

そこで、以下のようなPydanticオブジェクト`user_in`を作成すると:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

そして呼び出すと:

```Python
user_dict = user_in.dict()
```

/// check | Verifique

Observe que em nenhuma parte do código está a senha em texto puro "`secret`", nós temos apenas o hash.

///

<img src="/img/tutorial/security/image08.png">

Chame o endpoint `/users/me/`, você receberá o retorno como:

```JSON
{
  "username": "johndoe",
  "email": "******@****.***",
  "full_name": "John Doe",
  "disabled": false
}
```

 * <ul>
 *   <li><a href="https://dagger.dev/producers.html">Dagger Producers</a>
 * </ul>
 *
 * <h4>{@link java.util.concurrent.CompletableFuture} / {@link java.util.concurrent.CompletionStage}
 * </h4>
 *
 * <p>Users of {@code CompletableFuture} will likely want to continue using {@code
 * CompletableFuture}. {@code FluentFuture} is targeted at people who use {@code ListenableFuture},

adding an OwnerReference

A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. By default, node users are authorized for create and patch requests but not delete requests against their node object. Since the NodeRestriction...