TF 0479 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the client certificate authorities file ownership is set to root:root

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | critical |

Description

The client certificate authorities file is not owned by root:root, which allows unauthorized users or processes to modify trusted CA certificates. This misconfiguration undermines the trust model of certificate-based authentication.

Impact

If exploited, attackers could replace or tamper with CA certificates, enabling them to intercept, decrypt, or impersonate secure communications within the cluster, potentially leading to privilege escalation or total compromise of the environment.

Resolution

Change the ownership of the client certificate authorities file to root:root.
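One way to audit and apply this resolution from a shell on the host that stores the file (an added example, not part of the rule or the project's own code). The `CLIENT_CA_FILE` and `FIX` variables and the function names are assumptions; this page does not name the file's path, so set `CLIENT_CA_FILE` to the path your configuration points at.

```shell
#!/bin/sh
# Audit (and optionally fix) ownership of the client CA file.
# Function and variable names are hypothetical, chosen for this example.

# Print "owner:group" of a file, following symlinks so the real target
# is inspected. Tries GNU/busybox stat first, then BSD stat.
file_owner() {
    stat -L -c '%U:%G' "$1" 2>/dev/null || stat -L -f '%Su:%Sg' "$1"
}

# check_ca_owner FILE [EXPECTED]
# Returns 0 if FILE is owned by EXPECTED (default root:root),
#         1 if the owner or group differs,
#         2 if FILE is missing or not a regular file.
check_ca_owner() {
    [ -f "$1" ] || return 2
    actual=$(file_owner "$1") || return 2
    [ "$actual" = "${2:-root:root}" ]
}

# fix_ca_owner FILE
# Applies the resolution, then re-checks so a failed chown is not
# silently reported as a success. Requires root privileges.
fix_ca_owner() {
    chown root:root -- "$1" && check_ca_owner "$1"
}

# Runs only when CLIENT_CA_FILE is set, e.g.:
#   CLIENT_CA_FILE=/path/to/client-ca.crt sh check.sh          # audit
#   CLIENT_CA_FILE=/path/to/client-ca.crt FIX=1 sh check.sh    # remediate
if [ -n "${CLIENT_CA_FILE:-}" ]; then
    if check_ca_owner "$CLIENT_CA_FILE"; then
        echo "PASS: $CLIENT_CA_FILE is owned by root:root"
    elif [ ! -f "$CLIENT_CA_FILE" ]; then
        echo "ERROR: $CLIENT_CA_FILE not found" >&2
        exit 2
    elif [ "${FIX:-0}" = 1 ]; then
        fix_ca_owner "$CLIENT_CA_FILE" && echo "FIXED: $CLIENT_CA_FILE"
    else
        echo "FAIL: $CLIENT_CA_FILE is owned by $(file_owner "$CLIENT_CA_FILE")" >&2
        exit 1
    fi
fi
```

Without `FIX=1` the script only reports, so it can run as an unprivileged audit step; the non-zero exit status on failure lets a scheduled job or pipeline flag drift.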