CVE-2024-39689

CWE-345 | 8 documents | 6 sources
Severity: 7.5 HIGH
EPSS: 21.2% (top 4.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 5

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identif

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

PyPI | certifi | 2021.5.30 | 2024.7.4 | +2
NVD | certifi/certifi | 2021.5.30 | 2024.7.4
Debian | python-certifi | < 2024.8.30-1 | +1
CVEListV5 | certifi/python-certifi | >= 2021.5.30, < 2024.7.4

Also affects: Ontap Tools 10

Patches

🔴 Vulnerability Details (5)

OSV | CVE-2024-39689: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts | 2024-07-05
CVEList | Certifi removes GLOBALTRUST root certificate | 2024-07-05
GHSA | Certifi removes GLOBALTRUST root certificate | 2024-07-05
OSV | Certifi removes GLOBALTRUST root certificate | 2024-07-05
OSV | CVE-2024-39689: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts | 2024-07-05

📋 Vendor Advisories (2)

Red Hat | python-certifi: Remove root certificates from `GLOBALTRUST` from the root store | 2024-07-03
Debian | CVE-2024-39689: python-certifi - Certifi is a curated collection of Root Certificates for validating the trustwor... | 2024