GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

### Impact

There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255).

### References

- [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255)

### Patches

- https://github.com/traefik/traefik/releases/tag/v2.11.5
- https://github.com/traefik/traefik/releases/tag/v3.0.3

### Workarounds

No workaround.

### For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

**ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability**

Moderate severity GitHub Reviewed Published Jun 20, 2024 in traefik/traefik • Updated Jun 20, 2024

Headline

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Impact

References

Patches

Workarounds

For more information

ghsa: Latest News