CVE-2022-23491

CWE-34510 documents7 sources
Severity
7.5HIGH
EPSS
0.1%
top 83.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Certifi Python-certifiCertifi Certifi
Timeline
PublishedDec 7
Latest updateOct 15

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages4 packages

PyPIcertifi2017.11.052022.12.07
NVDcertifi/certifi2017.11.52022.12.7
CVEListV5certifi/python-certifi< 2022.12.07
Debianpython-certifi< 2023.7.22-1+1

🔴Vulnerability Details

4
OSV
Certifi removing TrustCor root certificate2022-12-07
CVEList
Removal of TrustCor root certificate2022-12-07
OSV
CVE-2022-23491: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts2022-12-07
GHSA
Certifi removing TrustCor root certificate2022-12-07

📋Vendor Advisories

5
Oracle
Oracle Oracle Database Server Risk Matrix: OML4Py (cryptography) — CVE-2022-234912023-10-15
Oracle
Oracle Oracle PeopleSoft Risk Matrix: Porting (Certifi) — CVE-2022-234912023-07-15
Oracle
Oracle Oracle Communications Risk Matrix: Installation (Certifi) — CVE-2022-234912023-04-15
Red Hat
python-certifi: untrusted root certificates2022-12-07
Debian
CVE-2022-23491: python-certifi - Certifi is a curated collection of Root Certificates for validating the trustwor...2022
CVE-2022-23491 (HIGH CVSS 7.5) | Certifi is a curated collection of | cvebase.io