PT-2022-2058 · Kubeclient · Cben
Published 2022-02-24 · Updated 2022-04-07
CVE-2022-0759
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
kubeclient versions prior to 4.9.3
Description
The vulnerability stems from flawed certificate validation in the Kubeclient::Config class of kubeclient, a Ruby client for the Kubernetes REST API. When the kubeconfig file does not configure a custom CA for verifying server certificates, kubeclient accepts any certificate presented by the server, which allows a remote attacker positioned on the network path to perform a man-in-the-middle (MITM) attack against the connection to the API server.
Recommendations
For versions prior to 4.9.3, update to version 4.9.3 or later. As a temporary workaround, configure a custom CA for certificate verification in the kubeconfig file to reduce the risk of exploitation, and restrict access to sensitive resources until the update is applied.
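A defender-side check written for this advisory (added example, not kubeclient's own code; the sample kubeconfig, function names and the PLACEHOLDER_BASE64_CA value are constructed): it flags the kubeconfig clusters that, with a kubeclient older than 4.9.3, would be reached without any certificate verification, and builds the explicit verify-peer options that can be passed as the ssl_options: keyword of Kubeclient::Client.new instead of relying on what Kubeclient::Config derives from such a kubeconfig.

```ruby
require 'yaml'
require 'openssl'

FIXED_VERSION = Gem::Version.new('4.9.3') # boundary given by the advisory

# Constructed sample kubeconfig (not from the advisory): three clusters that
# differ only in how the API server certificate is meant to be verified.
SAMPLE_KUBECONFIG = <<~YAML
  clusters:
  - name: pinned-ca
    cluster:
      server: https://10.0.0.1:6443
      certificate-authority-data: PLACEHOLDER_BASE64_CA   # constructed placeholder
  - name: public-ca
    cluster:
      server: https://k8s.example.test:6443
  - name: explicit-insecure
    cluster:
      server: https://10.0.0.3:6443
      insecure-skip-tls-verify: true
YAML

# Map each cluster name to :pinned_ca (custom CA in kubeconfig), :system_ca
# (no custom CA, must use the system store) or :insecure (explicitly disabled).
def classify_clusters(kubeconfig_yaml)
  cfg = YAML.safe_load(kubeconfig_yaml)
  (cfg['clusters'] || []).to_h do |entry|
    c = entry['cluster'] || {}
    kind = if c['insecure-skip-tls-verify'] then :insecure
           elsif c['certificate-authority'] || c['certificate-authority-data'] then :pinned_ca
           else :system_ca
           end
    [entry['name'], kind]
  end
end

# The advisory's failure mode: with kubeclient < 4.9.3 a cluster without a
# custom CA is reached with no certificate check at all, so it is MITM-exposed.
def at_risk_clusters(kubeconfig_yaml, kubeclient_version)
  return [] if Gem::Version.new(kubeclient_version) >= FIXED_VERSION
  classify_clusters(kubeconfig_yaml).select { |_, kind| kind == :system_ca }.keys
end

# Explicit verify-peer options against the system trust store, usable as the
# ssl_options: argument of Kubeclient::Client.new for clusters without a custom CA.
def verify_peer_ssl_options
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  { verify_ssl: OpenSSL::SSL::VERIFY_PEER, cert_store: store }
end
```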
Exploit
Fix
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
Affected Products
Debian
Rocky Linux
Kubeclient