Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.
Report
While e-Tugra certificates being marked as untrusted by Mozilla is significant from a trust and security standpoint, this is still considered a low severity issue. The certificates were removed from Mozilla's root store in July 2023, indicating a proactive response to security concerns. Additionally, Red Hat does not run its own root store program, but depends on Mozilla for SSL certificates and Microsoft for signing certificates. These certs are included and marked as "don't trust" and will not be removed until Mozilla removes them. Browsers, which already understand and parse 'don't trust after', are the most at risk. If python-certifi is required not to trust these certs, it should parse the 'don't trust after' attribute.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 2 | python-certifi | Not affected | | |
Red Hat Ceph Storage 4 | python-certifi | Affected | | |
Red Hat Ceph Storage 5 | python-certifi | Affected | | |
Red Hat Ceph Storage 6 | python-certifi | Affected | | |
Red Hat Enterprise Linux 6 | ca-certificates | Out of support scope | | |
Red Hat Enterprise Linux 7 | ca-certificates | Out of support scope | | |
Red Hat Enterprise Linux 8 | python39:3.9/python3x-pip | Not affected | | |
Red Hat Enterprise Linux 8 | python3-azure-sdk | Not affected | | |
Red Hat OpenShift Container Platform 3.11 | python-certifi | Out of support scope | | |
Red Hat Openshift Container Storage 4 | python-certifi | Affected | | |
Additional information
Status:
EPSS:
CVSS3: 9.1 Critical