CVE-2024-39689

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Trends

Current EPSS score: 26.30%• Percentile: 96%

Techniques & Countermeasures

• CWE-345•Insufficient Verification of Data Authenticity

  The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Systems

• certifi•certifi

  ≥ 2021.5.30, < 2024.7.4

• certifi•python-certifi

  ≥ 2021.5.30, < 2024.7.4

• netapp•management_services_for_element_software_and_netapp_hci

  na

• netapp•ontap_select_deploy_administration_utility

  na

• netapp•ontap_tools

  10

• PyPI•certifi

  ≥ 2021.5.30, < 2024.7.4 | < bd8153872e9c6fc98f4023df9c2deaffea2fa463

References (8)

• https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
• https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
• https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
• https://security.netapp.com/advisory/ntap-20241206-0001/
• https://nvd.nist.gov/vuln/detail/CVE-2024-39689
• https://github.com/certifi/python-certifi
• https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml
• https://security.netapp.com/advisory/ntap-20241206-0001