CVE-2024-39689

Опубликовано: 05 июл. 2024

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates from GLOBALTRUST from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Ссылки

https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
Patch
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
Vendor Advisory
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
Mailing List
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
Patch
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
Vendor Advisory
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
Mailing List
https://security.netapp.com/advisory/ntap-20241206-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:certifi:certifi:*:*:*:*:*:python:*:*

Версия от 2021.5.30 (включая) до 2024.7.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

EPSS

Процентиль: 95%

0.21233

Средний

7.5 High

CVSS3

Дефекты

CWE-345

Связанные уязвимости

CVE-2024-39689

CVSS3: 7.5

ubuntu

больше 1 года назад

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

CVE-2024-39689

CVSS3: 3.7

redhat

больше 1 года назад

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

CVE-2024-39689

CVSS3: 7.5

debian

больше 1 года назад

Certifi is a curated collection of Root Certificates for validating th ...

GHSA-248v-346w-9cwc

github

больше 1 года назад

Certifi removes GLOBALTRUST root certificate

BDU:2024-07771

CVSS3: 7.5

fstec

больше 1 года назад

Уязвимость пакета для проверки надежности сертификатов SSL Certifi, связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю оказать влияние на целостность защищаемой информации

EPSS

Процентиль: 95%

0.21233

Средний

7.5 High

CVSS3

Дефекты

CWE-345