Unknown · Kubeclient · CVE-2022-0759
**Name of the Vulnerable Software and Affected Versions**
kubeclient versions prior to 4.9.3
**Description**
The Kubeclient::Config class of kubeclient, a client for the Kubernetes REST API, contains errors in its certificate authentication procedure. When the kubeconfig file does not configure a custom CA to verify certificates, kubeclient accepts any certificate, which can allow a remote attacker to perform a man-in-the-middle (MITM) attack.
**Recommendations**
Update kubeclient versions prior to 4.9.3 to version 4.9.3 or later to resolve the issue. As a temporary workaround, consider configuring a custom CA to verify certificates in the kubeconfig file to minimize the risk of exploitation. Restrict access to sensitive resources until the update is applied.
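
An added example, not part of the advisory or of the kubeclient project: a Ruby audit that flags the condition described above, a locked kubeclient older than 4.9.3 combined with kubeconfig cluster entries that set neither `certificate-authority` nor `certificate-authority-data`. The kubeconfig and Gemfile.lock contents, host names and function names are constructed for illustration.

```ruby
require "yaml"

FIXED_VERSION = Gem::Version.new("4.9.3") # first fixed release per the advisory

# Constructed sample kubeconfig: only "staging" configures no CA.
SAMPLE_KUBECONFIG = <<~YAML
  clusters:
  - name: prod
    cluster:
      server: https://prod.example.internal:6443
      certificate-authority: /etc/kube/prod-ca.crt
  - name: staging
    cluster:
      server: https://staging.example.internal:6443
  - name: dev
    cluster:
      server: https://dev.example.internal:6443
      certificate-authority-data: Q09OU1RSVUNURUQ=
YAML

# Constructed Gemfile.lock excerpt.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    specs:
      kubeclient (4.9.2)
LOCK

# Names of cluster entries that set neither CA field of the kubeconfig format.
def clusters_without_ca(kubeconfig_yaml)
  config = YAML.safe_load(kubeconfig_yaml) || {}
  ca_keys = %w[certificate-authority certificate-authority-data]
  Array(config["clusters"])
    .select { |e| ca_keys.all? { |k| (e["cluster"] || {})[k].to_s.strip.empty? } }
    .map { |e| e["name"] }
end

# Resolved kubeclient version from Gemfile.lock text, or nil if the gem is absent.
def locked_kubeclient_version(lockfile_text)
  m = lockfile_text.match(/^ {4}kubeclient \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Clusters matching the advisory's condition: kubeclient < 4.9.3 and no CA set.
def exposed_clusters(kubeconfig_yaml, lockfile_text)
  version = locked_kubeclient_version(lockfile_text)
  return [] if version.nil? || version >= FIXED_VERSION
  clusters_without_ca(kubeconfig_yaml)
end

p exposed_clusters(SAMPLE_KUBECONFIG, SAMPLE_LOCKFILE)
```

Pass the real file contents with `File.read`; an empty result means either the locked gem is already at 4.9.3 or later, or every cluster entry names a CA.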