Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2024-39689
HistoryJul 05, 2024 - 7:15 p.m.

CVE-2024-39689

2024-07-0519:15:10
Debian Security Bug Tracker
security-tracker.debian.org
6
cve-2024-39689
certifi
root certificates
validation
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0

Percentile

15.8%

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from GLOBALTRUST. Certifi 2024.07.04 removes root certificates from GLOBALTRUST from the root store. These are in the process of being removed from Mozilla’s trust store. GLOBALTRUST’s root certificates are being removed pursuant to an investigation which identified “long-running and unresolved compliance issues.”

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0

Percentile

15.8%