TF 0132 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate

Property Value
Language terraform
Severity low

Description

The etcd service is not configured with both the --peer-cert-file and --peer-key-file arguments, so TLS is not enforced for communication between etcd peers (the peer URLs on port 2380, not the client API). This leaves peer-to-peer replication traffic unencrypted and exposed to interception by anyone who can observe the network between cluster members.

Impact

Without TLS encryption on peer connections, sensitive data and cluster operations can be exposed or tampered with by attackers on the network, potentially leading to data breaches, unauthorized cluster manipulation, or denial of service.

Resolution

Follow the etcd service documentation and configure peer TLS encryption as appropriate for your etcd cluster (generate a peer certificate and key for each member). Then edit the etcd pod specification file /etc/kubernetes/manifests/etcd.yaml on the master node and set both --peer-cert-file and --peer-key-file in the etcd container's command line, pointing them at the peer certificate and key for that member.
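As an added example (not part of the original entry or the Symbiotic database tooling), the check below inspects an etcd static-pod spec, already parsed from etcd.yaml into a dictionary, and reports which peer TLS flags are missing or empty; it handles both `--flag=value` and `--flag value` forms, and the sample specs and certificate paths are constructed placeholders.

```python
"""Detect missing --peer-cert-file / --peer-key-file flags in an etcd pod spec."""
from typing import Dict, List

REQUIRED_PEER_FLAGS = ("--peer-cert-file", "--peer-key-file")

def etcd_argv(container: Dict) -> List[str]:
    """Return the etcd command line; manifests put flags in `command`, `args`, or both."""
    return list(container.get("command", [])) + list(container.get("args", []))

def parse_flags(argv: List[str]) -> Dict[str, str]:
    """Collect `--flag=value` and `--flag value` pairs; a bare flag maps to ''."""
    flags: Dict[str, str] = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                name, value = tok, argv[i + 1]
                i += 1  # consumed the separate value token
            else:
                name, value = tok, ""
            flags[name] = value
        i += 1
    return flags

def missing_peer_tls_flags(pod_spec: Dict) -> List[str]:
    """Return the required peer TLS flags that are absent or empty on the etcd container."""
    for container in pod_spec.get("spec", {}).get("containers", []):
        argv = etcd_argv(container)
        if not argv or not argv[0].endswith("etcd"):
            continue
        flags = parse_flags(argv)
        return [f for f in REQUIRED_PEER_FLAGS if not flags.get(f)]
    return list(REQUIRED_PEER_FLAGS)  # no etcd container at all: nothing is set

# Constructed sample specs (shape of a parsed /etc/kubernetes/manifests/etcd.yaml), not real cluster data.
WEAK_POD = {"spec": {"containers": [{"name": "etcd", "command": [
    "etcd", "--listen-peer-urls=https://10.0.0.10:2380"]}]}}
FIXED_POD = {"spec": {"containers": [{"name": "etcd", "command": [
    "etcd", "--listen-peer-urls=https://10.0.0.10:2380",
    "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt",  # placeholder path
    "--peer-key-file=/etc/kubernetes/pki/etcd/peer.key"]}]}}  # placeholder path

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("fixed", FIXED_POD)):
        print(label, "missing:", missing_peer_tls_flags(pod))
```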