CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Certifi 2023.07.22 removes the “e-Tugra” root certificates from its root store. These certificates are also in the process of being removed from Mozilla’s trust store.
e-Tugra’s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla’s investigation can be found here.
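A defender's check for the change described above, as an added example that is not part of the advisory or of certifi itself: it reports whether a certifi version string predates the 2023.07.22 release and which certificates in a PEM bundle still carry an e-Tugra name. It assumes the CA name appears as the ASCII fragment "e-tugra" in the certificate's subject or issuer bytes; the helper names and the sample bundle are constructed for illustration.

```python
import base64
import re

FIXED_RELEASE = (2023, 7, 22)  # release named in the advisory text
MARKER = b"e-tugra"  # assumption: ASCII name fragment in subject/issuer bytes

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def parse_version(version):
    """'2023.07.22' -> (2023, 7, 22); non-numeric parts are ignored."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def predates_fix(version):
    """True when the certifi version is older than the fixed release."""
    return parse_version(version) < FIXED_RELEASE

def find_marked_certs(pem_text, marker=MARKER):
    """Return positions of PEM certificates whose decoded bytes hold marker."""
    hits = []
    for index, match in enumerate(PEM_RE.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        if marker in der.lower():  # bytes.lower() folds ASCII letters only
            hits.append(index)
    return hits

def _fake_pem(payload):
    # Constructed sample: NOT a real certificate, just bytes wrapped as PEM.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

SAMPLE_BUNDLE = (
    _fake_pem(b"\x30\x82 constructed CN=Example Root CA")
    + _fake_pem(b"\x30\x82 constructed CN=E-Tugra Sample Root")
)

if __name__ == "__main__":
    print("sample hits:", find_marked_certs(SAMPLE_BUNDLE))
    try:
        import certifi  # only needed to inspect the locally installed bundle
    except ImportError:
        certifi = None
    if certifi is not None:
        with open(certifi.where(), encoding="utf-8") as fh:
            hits = find_marked_certs(fh.read())
        print(certifi.__version__, predates_fix(certifi.__version__), len(hits))
```

Run as a script in each virtual environment or container image; a non-empty hit list on the installed bundle means that environment still trusts the removed roots regardless of what the version string says.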
github.com/advisories/GHSA-xqr8-7jwr-rhp7
github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909
github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2023-135.yaml
groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
lists.fedoraproject.org/archives/list/[email protected]/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/
nvd.nist.gov/vuln/detail/CVE-2023-37920