Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-23491

Опубликовано: 07 дек. 2022
Источник: nvd
CVSS3: 6.8
CVSS3: 7.5
EPSS Низкий

Описание

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:certifi:certifi:*:*:*:*:*:python:*:*
Версия от 2017.11.5 (включая) до 2022.12.7 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.00042
Низкий

6.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-345
CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2022-23491

CVSS3: 6.8
ubuntu
больше 2 лет назад

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

redhat логотип

CVE-2022-23491

CVSS3: 7.5
redhat
больше 2 лет назад

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

debian логотип

CVE-2022-23491

CVSS3: 6.8
debian
больше 2 лет назад

Certifi is a curated collection of Root Certificates for validating th ...

suse-cvrf логотип

SUSE-SU-2023:0139-1

suse-cvrf
больше 2 лет назад

Security update for python-certifi

redos логотип

ROS-20230619-03

CVSS3: 7.5
redos
около 2 лет назад

Уязвимость python-certifi

EPSS

Процентиль: 12%
0.00042
Низкий

6.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-345
CWE-345