Vulnerability Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Certifi | Certifi | >= 2021.5.30, < 2024.7.4 |
| Netapp | Management Services For Element Software And Netapp Hci | - |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Ontap Tools | 10 |
Related Weaknesses (CWE)
References
- https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deafPatch
- https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwVendor Advisory
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dIMailing List
- https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deafPatch
- https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwVendor Advisory
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dIMailing List
- https://security.netapp.com/advisory/ntap-20241206-0001/Third Party Advisory
FAQ
What is CVE-2024-39689?
CVE-2024-39689 is a vulnerability with a CVSS score of 7.5 (HIGH). Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7...
How severe is CVE-2024-39689?
CVE-2024-39689 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39689?
Check the references section above for vendor advisories and patch information. Affected products include: Certifi Certifi, Netapp Management Services For Element Software And Netapp Hci, Netapp Ontap Select Deploy Administration Utility, Netapp Ontap Tools.