
Elliott-Beach

#38966 of 53,634
7.1 Total CVSS
Vulnerabilities · 1
PT-2025-38069
7.1
2025-09-15
Unknown · Kubernetes Client · CVE-2025-9708
**Name of the Vulnerable Software and Affected Versions**

Kubernetes C# client versions prior to 17.0.14

**Description**

A flaw exists in the Kubernetes C# client's certificate validation logic, allowing it to accept certificates from any Certificate Authority (CA) without proper trust chain verification. This can enable a malicious actor to present a forged certificate, potentially intercepting or manipulating communication with the Kubernetes API server, leading to man-in-the-middle attacks and API impersonation.

**Recommendations**

Kubernetes C# client versions prior to 17.0.14 should be updated to version 17.0.14 or later. As an alternative, move the CA certificates into the system trust store instead of specifying them in the kubeconfig file.