If you discover a security vulnerability, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
- Email the maintainers directly, or
- Open a private security advisory on GitHub
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
When using KubeAI Autoscaler:

Use minimal RBAC permissions:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kubeai-autoscaler
rules:
  - apiGroups: ["apps"]
    resources: ["deployments/scale"]
    verbs: ["get", "update"]
  - apiGroups: ["kubeai.io"]
    resources: ["aiinferenceautoscalerpolicies"]
    verbs: ["get", "list", "watch", "update"]
```

Restrict controller network access:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubeai-autoscaler
spec:
  podSelector:
    matchLabels:
      app: kubeai-autoscaler
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector: {}
      ports:
        - port: 443 # Kubernetes API
        - port: 9090 # Prometheus
```

- Never hardcode credentials
- Use Kubernetes Secrets or external secret managers
- Rotate credentials regularly
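The RBAC guidance above and the "never hardcode credentials" guidance are easy to state and easy to drift from. The following added example (not part of the project's code) is a small manifest linter that checks both: it flags Role rules that exceed the verbs and resources of the Role shown above (including wildcards), and flags container environment variables with credential-looking names that carry an inline `value` instead of a `valueFrom.secretKeyRef`. The expected-privilege table, the over-broad Role and the pod spec are constructed for the example; in practice you would feed it manifests loaded with a YAML parser rather than the inline JSON used here.

```python
"""Least-privilege lint for KubeAI Autoscaler manifests (added example, not project code)."""
import json
from typing import Dict, List, Set

# Expected privileges per "<apiGroup>/<resource>", transcribed from the Role in the
# guidance above. This table is an assumption of the example: anything beyond it
# (extra verbs, extra resources, wildcards) is reported as a finding.
EXPECTED_RULES: Dict[str, Set[str]] = {
    "apps/deployments/scale": {"get", "update"},
    "kubeai.io/aiinferenceautoscalerpolicies": {"get", "list", "watch", "update"},
}

# Env var name fragments that suggest a credential; an inline value for these is a finding.
SECRET_LIKE = ("PASSWORD", "TOKEN", "SECRET", "API_KEY", "APIKEY", "PRIVATE_KEY")


def lint_role(role: dict) -> List[str]:
    """Return findings for a Role whose rules exceed EXPECTED_RULES."""
    findings: List[str] = []
    for rule in role.get("rules", []):
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = set(rule.get("verbs", []))
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append("wildcard in rule: %s" % json.dumps(rule, sort_keys=True))
            continue
        for group in groups:
            for resource in resources:
                key = "%s/%s" % (group or "core", resource)  # "" is the core API group
                allowed = EXPECTED_RULES.get(key)
                if allowed is None:
                    findings.append("unexpected resource: %s" % key)
                elif not verbs <= allowed:
                    findings.append("excess verbs on %s: %s" % (key, sorted(verbs - allowed)))
    return findings


def lint_pod_env(pod_spec: dict) -> List[str]:
    """Flag container env vars with a credential-looking name set via an inline value."""
    findings: List[str] = []
    for container in pod_spec.get("containers", []):
        for env in container.get("env", []):
            name = env.get("name", "")
            if "value" in env and any(tag in name.upper() for tag in SECRET_LIKE):
                findings.append("%s: %s is set inline; use valueFrom.secretKeyRef"
                                % (container.get("name"), name))
    return findings


# The Role from the guidance above, transcribed to JSON.
ROLE_FROM_PAGE = json.loads("""
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
 "metadata": {"name": "kubeai-autoscaler"},
 "rules": [
   {"apiGroups": ["apps"], "resources": ["deployments/scale"], "verbs": ["get", "update"]},
   {"apiGroups": ["kubeai.io"], "resources": ["aiinferenceautoscalerpolicies"],
    "verbs": ["get", "list", "watch", "update"]}]}
""")

# Constructed over-broad Role: a wildcard verb, an extra verb, and Secret read access.
OVERBROAD_ROLE = json.loads("""
{"kind": "Role", "metadata": {"name": "kubeai-autoscaler-overbroad"},
 "rules": [
   {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
   {"apiGroups": ["kubeai.io"], "resources": ["aiinferenceautoscalerpolicies"],
    "verbs": ["get", "list", "watch", "update", "delete"]},
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]}
""")

# Constructed pod spec: one inline token (bad), one secretKeyRef (good), one plain setting.
POD_SPEC = json.loads("""
{"containers": [{"name": "controller", "env": [
   {"name": "PROMETHEUS_TOKEN", "value": "constructed-inline-value"},
   {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "autoscaler-creds", "key": "password"}}},
   {"name": "LOG_LEVEL", "value": "info"}]}]}
""")


def run_checks() -> Dict[str, List[str]]:
    """Run both linters over the sample manifests and return findings by manifest."""
    return {
        "role": lint_role(ROLE_FROM_PAGE),
        "overbroad": lint_role(OVERBROAD_ROLE),
        "pod": lint_pod_env(POD_SPEC),
    }


if __name__ == "__main__":
    for manifest, findings in run_checks().items():
        print(manifest, "OK" if not findings else findings)
```

The Role from the guidance produces no findings; the over-broad variant produces three (wildcard, excess `delete`, and `core/secrets`), and the pod spec yields one finding for the inline token. Keeping `EXPECTED_RULES` next to the shipped Role makes the linter a cheap CI gate against privilege creep.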
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We follow responsible disclosure practices and will acknowledge reports within 48 hours.