You might want to be more specific about the meaning of "between" here. It's not a cryptographic MITM attack, and if it ever facilitated someone else in performing one, that should be detectable.

https://en.wikipedia.org/wiki/Certificate_Transparency

(It's also true that the level of active monitoring of CT logs has never gotten very high.)