API server pod specification file ownership is not set to root:root

Best practices

API server pod specification file ownership is not set to root:root

Platform(s)

Compliance Frameworks

CCPA
CPRA
iso_27001_2022
iso_27002_2022
K8s CIS
Mitre ATT&CK
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

It was found that the API server pod specification file's owner is not set to root. Setting the file's owner to a low privileged user allows the modification of the file by this user and expose the configuration file to unwanted modification.

Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.

API server pod specification file ownership is not set to root:root

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS