if (name.startsWith("jcifs.")) {
                p.setProperty(name, getInitParameter(name));
            }
        }

        try {
            if (p.getProperty("jcifs.smb.client.username") == null) {
                new NtlmSsp();
            } else {
                this.credentialsSupplied = true;
            }

            try {

	public fun toString ()Ljava/lang/String;
	public final fun topPrivateDomain ()Ljava/lang/String;
	public final fun uri ()Ljava/net/URI;
	public final fun url ()Ljava/net/URL;
	public final fun username ()Ljava/lang/String;
}

public final class okhttp3/HttpUrl$Builder {
	public fun <init> ()V
	public final fun addEncodedPathSegment (Ljava/lang/String;)Lokhttp3/HttpUrl$Builder;

To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

**Detection**:

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

**Additional Details**:

            if (name.startsWith("jcifs.smb1.")) {
                Config.setProperty(name, getInitParameter(name));
            }
        }

        if (Config.getProperty("jcifs.smb1.smb.client.username") == null) {
            ntlmSsp = new NtlmSsp();
        } else {
            credentialsSupplied = true;
        }

        try {
            mimeMap = new MimeMap();

To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

### Detection

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

#### Additional Details

* The OpenID Connect authenticator can now use a custom prefix, or omit the default prefix, for username and groups claims through the --oidc-username-prefix and --oidc-groups-prefix flags. For example, the authenticator can map a user with the username "jane" to "google:jane" by supplying the "google:" username prefix. ([#50875](https://github.com/kubernetes/kubernetes/pull/50875), [@ericchiang](https://github.com/ericchiang))

- When configuring a JWT authenticator:
  
  If `username.expression` used 'claims.email', then 'claims.email_verified' must have been used in `username.expression` or `extra[*].valueExpression` or `claimValidationRules[*].expression`. An example claim validation rule expression that matches the validation automatically applied when `username.claim` is set to 'email' is 'claims.?email_verified.orValue(true) == true'.

To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

### Detection

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact ******@****.***

#### Additional Details

Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

=== ":material-language-kotlin: Kotlin"
    ```kotlin
      private val client = OkHttpClient.Builder()
          .authenticator(object : Authenticator {

                .put("http.heartbeat_interval", fessConfig.getFesenHeartbeatInterval());
        final String username = fessConfig.getFesenUsername();
        final String password = fessConfig.getFesenPassword();
        if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
            builder.put(Constants.FESEN_USERNAME, username);
            builder.put(Constants.FESEN_PASSWORD, password);
        }