Lucene search

K

[email protected]NVD:CVE-2023-37920

HistoryJul 25, 2023 - 9:15 p.m.

CVE-2023-37920

2023-07-2521:15:10

CWE-345

[email protected]

web.nvd.nist.gov

2

certifi

ssl certificates

tls hosts

e-tugra

root certificates

security issues

investigation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes “e-Tugra” root certificates. e-Tugra’s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store.

Affected configurations

NVD

Node

kennethreitzcertifiRange2015.04.28–2023.07.22python

References

github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909

github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7

groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

lists.fedoraproject.org/archives/list/[email protected]/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

Related for NVD:CVE-2023-37920

ubuntucve1 alpinelinux1 nessus24 osv5 ibm26 fedora1 openvas1 wolfi1 redhatcve1 cgr1 cvelist1 debiancve1 veracode1 amazon2 cve1 prion1 github1 redos1 redhat9 oraclelinux2 almalinux2 aix1 photon3 ics1