K3s supports responsible disclosure and endeavors to resolve security issues in a reasonable timeframe. To report a security vulnerability, email [email protected] .
Security: k3s-io/k3s
Security
.github/SECURITY.md
-
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attackGHSA-m4hf-6vgr-75r2 published
Sep 8, 2023 by cwayne18High -
K3S bootstrap data is encrypted with empty string if user does not supply a tokenGHSA-cxm9-4m6p-24mc published
Jul 23, 2021 by davidnuzikModerate
Learn more about advisories related to k3s-io/k3s in the GitHub Advisory Database