### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT
AUTHORITY\Authenticated Users may be able to modify container logs.

**Affected Versions**:
  - kubelet <= 1.27.15
  - kubelet <= 1.28.11
  - kubelet <= 1.29.6
  - kubelet <= 1.30.2 

**Fixed Versions**:

  }

  /** See https://api.slack.com/docs/oauth. */
  public HttpUrl authorizeUrl(String scopes, HttpUrl redirectUrl, ByteString state, String team) {
    HttpUrl.Builder builder = baseUrl.newBuilder("/oauth/authorize")
        .addQueryParameter("client_id", clientId)
        .addQueryParameter("scope", scopes)
        .addQueryParameter("redirect_uri", redirectUrl.toString())
        .addQueryParameter("state", state.base64());

You'll see the user interface like:

<img src="/img/tutorial/security/image07.png">

Authorize the application the same way as before.

Using the credentials:

Username: `johndoe`
Password: `secret`

/// check

{* ../../docs_src/security/tutorial005_an_py310.py hl[63:66] *}

Because we are now declaring those scopes, they will show up in the API docs when you log-in/authorize.

And you will be able to select which scopes you want to give access to: `me` and `items`.

This is the same mechanism used when you give permissions while logging in with Facebook, Google, GitHub, etc:

- Kubeadm: fixed a bug when using `kubeadm init --dry-run` with certificate authority files (`ca.key` / `ca.crt`) present in `/etc/kubernetes/pki`) ([#108410](https://github.com/kubernetes/kubernetes/pull/108410), [@Haleygo](https://github.com/Haleygo))

- job_name: minio-job
  metrics_path: /minio/v2/metrics/resource
  scheme: http
  static_configs:
  - targets: ['localhost:9000']
```

### 4. Update `scrape_configs` section in prometheus.yml

To authorize every scrape request, copy and paste the generated `scrape_configs` section in the prometheus.yml and restart the Prometheus service.

### 5. Start Prometheus

Start (or) Restart Prometheus service by running

次のインタラクティブなドキュメントにアクセスしてください: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>。

下記のように見えるでしょう:

<img src="/img/tutorial/security/image01.png">

/// check | "Authorizeボタン!"

すでにピカピカの新しい「Authorize」ボタンがあります。

そして、あなたの*path operation*には、右上にクリックできる小さな鍵アイコンがあります。

///

それをクリックすると、`ユーザー名`と`パスワード` (およびその他のオプションフィールド) を入力する小さな認証フォームが表示されます:

<img src="/img/tutorial/security/image02.png">

### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT
AUTHORITY\Authenticated Users may be able to modify container logs.

**Affected Versions**:
  - kubelet <= 1.27.15
  - kubelet <= 1.28.11
  - kubelet <= 1.29.6
  - kubelet <= 1.30.2 

**Fixed Versions**:

        <match value="45" type="string" offset="20">
          <!-- bibliographic -->
          <match value="[acdnp][acdefgijkmoprt][abcdims]" type="regex" offset="5"/>
          <!-- authority-->
          <match value="[acdnosx]z" type="regex" offset="5"/>
          <!-- holdings -->
          <match value="[cdn][uvxy]" type="regex" offset="5"/>
          <!-- classification -->

Вы увидите примерно следующее:

<img src="/img/tutorial/security/image01.png">

/// check | "Кнопка авторизации!"

У вас уже появилась новая кнопка "Authorize".

А у *операции пути* теперь появился маленький замочек в правом верхнем углу, на который можно нажать.

///