Property
Language: terraform
Severity: high

Description

The controller-manager configuration file has overly permissive file permissions, allowing unauthorized users to read or modify its contents. Secure file permissions (600 or more restrictive) are not enforced, exposing sensitive configuration data.

Impact

If exploited, attackers with local access could read or alter the controller-manager’s configuration, potentially gaining control over cluster operations or disrupting Kubernetes functionality, leading to privilege escalation or denial of service.

Resolution

Set the permissions of the controller manager config file /etc/kubernetes/controller-manager.conf to 600 or more restrictive.
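
One way to audit this setting on a control-plane node, as an added example that is not part of the original rule. It assumes a Linux host with GNU coreutils `stat`, and the function names `mode_ok` and `audit_file` are illustrative.

```shell
#!/bin/sh
# Added example: audit a file against "600 or more restrictive".
# Assumes a Linux node with GNU coreutils stat; function names are illustrative.

# mode_ok MODE: succeed only if octal MODE sets no bit outside 0600.
# Comparing numbers is not enough: 577 is below 600 yet world-writable,
# and 4600 adds setuid, so the check is a bitmask over all twelve mode bits.
mode_ok() {
    case $1 in ''|*[!0-7]*) return 2 ;; esac   # reject non-octal input
    [ $(( 0$1 & ~0600 & 07777 )) -eq 0 ]
}

# audit_file PATH: 0 = compliant, 1 = too permissive, 2 = cannot check.
audit_file() {
    [ -e "$1" ] || { echo "SKIP $1 (not present)"; return 2; }
    mode=$(stat -L -c '%a' "$1") || return 2   # -L: judge the symlink target
    if mode_ok "$mode"; then
        echo "PASS $1 mode=$mode"
    else
        echo "FAIL $1 mode=$mode (fix: chmod 600 $1)"
        return 1
    fi
}

# Path from the Resolution above; pass another path as $1 to audit it instead.
target=${1:-/etc/kubernetes/controller-manager.conf}
audit_file "$target" || echo "audit_file exit status: $?"
```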