← Back

CVE-2024-39689

nvd nist
Published: Jul 5, 2024Modified: Feb 15, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Affected (4)

Certifi
1 product
Certifi
Netapp
3 products
Management Services For Element Software And Netapp Hci
Ontap Select Deploy Administration Utility
Ontap Tools
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Certifi
From 2021.5.30 to 2024.7.4
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Management Services For Element Software And Netapp Hci
All versions
Ontap Select Deploy Administration Utility
All versions
Ontap Tools
Version 10

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (7)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory
Source: security-advisories@github.com
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.