CVE-2024-39689

EUVD-2024-2220
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
certificertifi
2021.5.30 ≤
𝑥
< 2024.7.4
netappmanagement_services_for_element_software_and_netapp_hci
-
netappontap_select_deploy_administration_utility
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-certifi
bookworm
unimportant
bullseye
unimportant
forky
2025.11.12+ds-1
fixed
sid
2025.11.12+ds-1
fixed
trixie
2025.1.31+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-certifi
bionic
not-affected
focal
not-affected
jammy
not-affected
mantic
ignored
noble
not-affected
xenial
not-affected
python-pip
bionic
not-affected
focal
not-affected
jammy
not-affected
mantic
ignored
noble
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://security.netapp.com/advisory/ntap-20241206-0001/