throw new IOException("Invalid SecurityDescriptor");
            }

            aces = new ACE[numAces];
            for (int i = 0; i < numAces; i++) {
                aces[i] = new ACE();
                bufferIndex += aces[i].decode(buffer, bufferIndex);
            }
        } else {
            aces = null;
        }

        return bufferIndex - start;
    }

    @Override

    @DisplayName("Test getAces returns correct ACE array")
    void testGetAces() throws SMBProtocolDecodingException {
        prepareSecurityDescriptorBufferWithDACL(testBuffer, 0, 3);

        securityDescriptor.decode(testBuffer, 0, testBuffer.length);

        ACE[] aces = securityDescriptor.getAces();
        assertNotNull(aces);
        assertEquals(3, aces.length);
        for (ACE ace : aces) {
            assertNotNull(ace);

    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */
    public ACE[] getSecurity() throws IOException {
        final srvsvc.ShareInfo502 info502 = (srvsvc.ShareInfo502) info;

    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */
    public ACE[] getSecurity() throws IOException {
        final srvsvc.ShareInfo502 info502 = (srvsvc.ShareInfo502) this.info;

     *            Attempt to resolve the SIDs within each ACE form
     *            their numeric representation to their corresponding account names.
     * @return array of ACEs
     * @throws IOException if an I/O error occurs
     */
    ACE[] getSecurity(boolean resolveSids) throws IOException;

    /**
     * Return an array of Access Control Entry (ACE) objects representing

    }

    private void processAces(final ACE[] aces, final boolean resolveSids) throws IOException {
        final String server = getServerWithDfs();
        int ai;

        if (resolveSids) {
            final SID[] sids = new SID[aces.length];
            final String[] names = null;

            for (ai = 0; ai < aces.length; ai++) {
                sids[ai] = aces[ai].sid;
            }

                    throw new SmbException(rpc.retval, true);
                }
                aces = rpc.getSecurity();
                if (aces != null) {
                    processAces(aces, resolveSids);
                }
            }
            return aces;
        }
    }

        // Test combinations with FLAGS_INHERITED
        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_OBJECT_INHERIT;
        assertTrue(ace.isInherited());

        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_CONTAINER_INHERIT;
        assertTrue(ace.isInherited());

        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_NO_PROPAGATE;
        assertTrue(ace.isInherited());

        filePermissions = () -> asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        directoryPermissions = () -> asFileAttribute(PosixFilePermissions.fromString("rwx------"));
      } else if (views.contains("acl")) {
        filePermissions = directoryPermissions = userPermissions();
      } else {
        filePermissions =
            directoryPermissions =
                () -> {

  - kubelet 1.29.7
  - kubelet 1.30.3 

This vulnerability was reported by Paulo Gomes @pjbgf from SUSE.


**CVSS Rating:** Medium (6.1) [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

## Changes by Kind

### Feature