CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
certificertifi
2021.5.30 ≤
𝑥
< 2024.7.4
netappmanagement_services_for_element_software_and_netapp_hci
-
netappontap_select_deploy_administration_utility
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-certifi
bullseye
unimportant
bookworm
unimportant
sid
2025.1.31+ds-1
fixed
trixie
2025.1.31+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-certifi
noble
ignored
mantic
ignored
jammy
ignored
focal
ignored
bionic
ignored
xenial
ignored
python-pip
noble
ignored
mantic
ignored
jammy
ignored
focal
ignored
bionic
ignored
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://security.netapp.com/advisory/ntap-20241206-0001/