TF 0111 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the scheduler config file permissions are set to 600 or more restrictive

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | high |

Description

The Kubernetes scheduler configuration file (/etc/kubernetes/scheduler.conf) has permissions that are too permissive, allowing unauthorized users to read, modify, or overwrite the file. This exposes sensitive scheduler credentials and settings to anyone other than the owner to whom the file mode grants access.

Impact

If exploited, unauthorized users could gain access to or alter the Kubernetes scheduler's configuration, potentially compromising cluster operations, escalating privileges, or disrupting services. This could lead to cluster-wide security breaches or outages.

Resolution

Change the permissions of the scheduler config file /etc/kubernetes/scheduler.conf to 600 or more restrictive.
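
One way to audit and apply this rule on a node, as an added example that is not part of the original wiki page or the SymbioticSec project. The function names are hypothetical, `stat -c` assumes GNU coreutils, and "600 or more restrictive" is taken to mean that no permission bit is set outside owner read/write.

```shell
#!/bin/sh
# Added example: audit a file against the "600 or more restrictive" rule.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# Succeeds only if the octal mode grants nothing beyond owner read/write:
# no owner execute, no group/other bits, no setuid/setgid/sticky.
mode_is_600_or_stricter() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;      # not an octal mode string
    esac
    # 07177 is 07777 with the 0600 bits cleared, i.e. every disallowed bit.
    extra=$(( 0$1 & 07177 ))
    [ "$extra" -eq 0 ]
}

# Prints PASS/FAIL for one file. With "fix" as the second argument,
# a failing file is set to 600 instead of only being reported.
check_conf_perms() {
    file=$1
    action=${2:-audit}
    if [ ! -e "$file" ]; then
        echo "SKIP $file (not present on this node)"
        return 0
    fi
    mode=$(stat -c '%a' "$file") || return 2
    if mode_is_600_or_stricter "$mode"; then
        echo "PASS $file mode=$mode"
        return 0
    fi
    if [ "$action" = fix ]; then
        chmod 600 "$file" || return 2
        echo "FIXED $file mode=$mode -> 600"
        return 0
    fi
    echo "FAIL $file mode=$mode (expected 600 or more restrictive)"
    return 1
}

# Usage: sh check.sh /etc/kubernetes/scheduler.conf [fix]
if [ "$#" -gt 0 ]; then
    check_conf_perms "$@"
fi
```

Modes such as 400 pass, while 640, 644 and 700 fail because each sets at least one bit outside owner read/write.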