github.com/openshift/machine-config-operator uses insecure file permissions. The permissions of the file /etc/kubernetes/kubeconfig
is overly permissive. An attacker with access to a running container that mounts /etc/kubernetes
or has local access to the node will be able to copy the kubeconfig file and attempt to add their own rogue node to the OpenShift cluster.