7.5

CVE-2024-39689

EPSS 21.23%
Veröffentlicht 05.07.2024 19:15:10
Zuletzt bearbeitet 15.02.2025 00:15:13
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Certifi ≫ Certifi SwPlatformpython Version >= 2021.5.30 < 2024.7.4

Netapp ≫ Management Services For Element Software And Netapp Hci Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Ontap Tools Version10 SwPlatformvmware_vsphere

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	21.23%	0.954

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463

Patch

https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc

Vendor Advisory

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI

Mailing List

https://security.netapp.com/advisory/ntap-20241206-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39689

EUVD