Kubeapps development is sponsored by VMware and the Kubeapps team encourages users who become aware of a security vulnerability in Kubeapps to report any potential vulnerabilities found to security@vmware.com. If possible, please include a description of the effects of the vulnerability, reproduction steps and a description of in which version of Kubeapps or its dependencies the vulnerability was discovered.
The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055.
The Kubeapps team hopes that users encountering a new vulnerability will contact us privately as it is in the best interests of our users that the Kubeapps team has an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.
In the case of vulnerabilities found in third-party software components used in Kubeapps, please also notify VMware as described above.