Vulnerability Bulletins

Disclosed security vulnerabilities and their mitigation.

Keptn-Vulnerability-2022-001

Webhook Service for Keptn is vulnerable to token leaks and access to the Kubernetes APIs

Keptn-Vulnerability-2021-001

JMeter Service for Keptn is vulnerable to Log4Shell

Keptn-Vulnerability-2020-002

RBAC cluster-admin role given to Keptn services by default

Keptn-Vulnerability-2020-001

Keptn is shipping an outdated and unsupported version of Istio