CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.0005 Low
Percentile: 17.6%

Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi 2022.12.07 removes root certificates from “TrustCor” from
the root store. These are in the process of being removed from Mozilla’s
trust store. TrustCor’s root certificates are being removed pursuant to an
investigation prompted by media reporting that TrustCor’s ownership also
operated a business that produced spyware. Conclusions of Mozilla’s
investigation can be found in the linked Google Groups discussion.
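
A check a defender can run against a Python environment, added here as an example and not taken from the advisory or from certifi itself: it flags certifi versions older than 2022.12.07 and lists bundle entries whose comment header mentions TrustCor. It assumes the bundle carries certifi's `# Subject:` / `# Label:` comment lines before each certificate; the function names and the sample bundle are constructed for illustration.

```python
import re

FIXED = (2022, 12, 7)  # certifi 2022.12.07, the release named in the advisory

# Constructed sample in certifi's cacert.pem layout; certificate bodies are placeholders.
SAMPLE_BUNDLE = """\
# Issuer: CN=TrustCor RootCert CA-1 O=TrustCor Systems S. de R.L.
# Subject: CN=TrustCor RootCert CA-1 O=TrustCor Systems S. de R.L.
# Label: "TrustCor RootCert CA-1"
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
# Issuer: CN=Example Root O=Example Org
# Subject: CN=Example Root O=Example Org
# Label: "Example Root"
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
"""

def is_affected_version(version):
    """True if a certifi version string (e.g. '2022.9.24') predates 2022.12.07."""
    parts = re.findall(r"\d+", version)[:3]
    if len(parts) < 3:
        raise ValueError(f"unexpected certifi version: {version!r}")
    return tuple(int(p) for p in parts) < FIXED

def trustcor_labels(bundle_text):
    """Labels of bundle entries whose '# Subject:' or '# Label:' comment mentions TrustCor."""
    hits, subject, label = [], "", ""
    for line in bundle_text.splitlines():
        if line.startswith("# Subject:"):
            subject = line.split(":", 1)[1].strip()
        elif line.startswith("# Label:"):
            label = line.split(":", 1)[1].strip().strip('"')
        elif line.startswith("-----BEGIN CERTIFICATE-----"):
            if "trustcor" in (subject + " " + label).lower():
                hits.append(label or subject)
            subject = label = ""
    return hits

if __name__ == "__main__":
    print("sample:", trustcor_labels(SAMPLE_BUNDLE))
    try:
        import certifi  # audits whichever certifi this interpreter would load
    except ImportError:
        print("certifi is not installed in this environment")
    else:
        with open(certifi.where(), encoding="utf-8") as fh:
            found = trustcor_labels(fh.read())
        print(certifi.__version__, "affected:", is_affected_version(certifi.__version__), found)
```

A bundle without these comment headers, such as a plain concatenated system store, produces no hits, so an empty result there does not show that the roots are absent.
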
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ca-certificates | < 20211016ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | ca-certificates | < 20211016ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | ca-certificates | < 20211016ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 22.10 | noarch | ca-certificates | < 20211016ubuntu0.22.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | ca-certificates | < 20211016~14.04.1~esm1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | ca-certificates | < 20211016~16.04.1~esm2 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
launchpad.net/bugs/cve/CVE-2022-23491
nvd.nist.gov/vuln/detail/CVE-2022-23491
security-tracker.debian.org/tracker/CVE-2022-23491
ubuntu.com/security/notices/USN-5761-1
ubuntu.com/security/notices/USN-5761-2
www.cve.org/CVERecord?id=CVE-2022-23491