If you discover a potential security issue in eksctl project, please follow AWS Vulnerability Reporting process.

Do not open security related issues in the open source project. So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.

The information you share with AWS as part of this process is kept confidential within AWS. AWS will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, AWS will only share this information as permitted by you.

AWS is committed to being responsive and keeping you informed of our progress as we investigate and / or mitigate your reported security concern. You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability. You will receive progress updates from AWS at least every five US working days.