CVE-2024-39689

Certifi removes GLOBALTRUST root certificate

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

INFO

Published Date :

2024-07-05T18:39:33.202Z

Last Modified :

2025-02-14T23:19:13.111Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-39689 vulnerability.

Vendors	Products
Certifi	Certifi
Netapp	Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility Ontap Tools

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39689.

URL	Resource
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
https://nvd.nist.gov/vuln/detail/CVE-2024-39689
https://security.netapp.com/advisory/ntap-20241206-0001/
https://www.cve.org/CVERecord?id=CVE-2024-39689

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact