CVE-2024-39689

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39689
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
Configurations

No configuration.

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 - () https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 -
References () https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc - () https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc -
References () https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI - () https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI -

08 Jul 2024, 15:49

Type Values Removed Values Added
Summary
  • (es) Certifi es una colección seleccionada de certificados raíz para validar la confiabilidad de los certificados SSL mientras se verifica la identidad de los hosts TLS. Certifi a partir de 2021.05.30 y antes de 2024.07.4 reconoció los certificados raíz de `GLOBALTRUST`. Certifi 2024.07.04 elimina los certificados raíz de `GLOBALTRUST` del almacén raíz. Estos están en proceso de ser eliminados del almacén de confianza de Mozilla. Los certificados raíz de "GLOBALTRUST" se están eliminando tras una investigación que identificó "problemas de cumplimiento de larga duración y no resueltos".

05 Jul 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-05 19:15

Updated : 2024-11-21 09:28

NVD link : CVE-2024-39689

Mitre link : CVE-2024-39689

CVE.ORG link : CVE-2024-39689

JSON object : View

Products Affected

No product.

CWE
CWE-345

Insufficient Verification of Data Authenticity


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024