CVE-2022-23491

EUVD-2022-0037
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
GitHub_MCNA
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
certificertifi
2017.11.5 ≤
𝑥
< 2022.12.7
netappe-series_performance_analyzer
-
netappmanagement_services_for_element_software
-
netappmanagement_services_for_netapp_hci
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-certifi
bookworm
unimportant
bullseye
unimportant
sid
2024.8.30+dfsg-1
fixed
trixie
2024.8.30+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ca-certificates
bionic
Fixed 20211016ubuntu0.18.04.1
released
focal
Fixed 20211016ubuntu0.20.04.1
released
jammy
Fixed 20211016ubuntu0.22.04.1
released
kinetic
Fixed 20211016ubuntu0.22.10.1
released
trusty
Fixed 20211016~14.04.1~esm1
released
xenial
Fixed 20211016~16.04.1~esm2
released
Common Weakness Enumeration
References
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
https://security.netapp.com/advisory/ntap-20230223-0010/