CVE Vulnerabilities

CVE-2023-37920

Insufficient Verification of Data Authenticity

Published: Jul 25, 2023 | Modified: Nov 21, 2024

CVSS 3.x (Source: NVD): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RedHat/V3: 9.1 LOW, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Ubuntu: NEGLIGIBLE

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Certifi | Kennethreitz | 2015.04.28 (including) | 2023.07.22 (excluding) |
| Python-certifi | Ubuntu | bionic | * |
| Python-certifi | Ubuntu | devel | * |
| Python-certifi | Ubuntu | esm-apps/xenial | * |
| Python-certifi | Ubuntu | esm-infra/bionic | * |
| Python-certifi | Ubuntu | focal | * |
| Python-certifi | Ubuntu | jammy | * |
| Python-certifi | Ubuntu | kinetic | * |
| Python-certifi | Ubuntu | lunar | * |
| Python-certifi | Ubuntu | mantic | * |
| Python-certifi | Ubuntu | trusty | * |
| Python-certifi | Ubuntu | upstream | * |
| Python-certifi | Ubuntu | xenial | * |
| Python-pip | Ubuntu | bionic | * |
| Python-pip | Ubuntu | devel | * |
| Python-pip | Ubuntu | esm-apps/bionic | * |
| Python-pip | Ubuntu | esm-apps/focal | * |
| Python-pip | Ubuntu | esm-apps/jammy | * |
| Python-pip | Ubuntu | esm-apps/xenial | * |
| Python-pip | Ubuntu | esm-infra-legacy/trusty | * |
| Python-pip | Ubuntu | focal | * |
| Python-pip | Ubuntu | jammy | * |
| Python-pip | Ubuntu | kinetic | * |
| Python-pip | Ubuntu | lunar | * |
| Python-pip | Ubuntu | mantic | * |
| Python-pip | Ubuntu | trusty | * |
| Python-pip | Ubuntu | trusty/esm | * |
| Python-pip | Ubuntu | xenial | * |
| Red Hat Enterprise Linux 8 | RedHat | fence-agents-0:4.2.1-121.el8_9.2 | * |
| Red Hat Enterprise Linux 8 | RedHat | ca-certificates-0:2024.2.69_v8.0.303-80.0.el8_10 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | fence-agents-0:4.2.1-30.el8_1.10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | fence-agents-0:4.2.1-41.el8_2.12 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | fence-agents-0:4.2.1-41.el8_2.12 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | fence-agents-0:4.2.1-41.el8_2.12 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | fence-agents-0:4.2.1-65.el8_4.13 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | fence-agents-0:4.2.1-65.el8_4.13 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | fence-agents-0:4.2.1-65.el8_4.13 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | fence-agents-0:4.2.1-89.el8_6.10 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | fence-agents-0:4.2.1-112.el8_8.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | fence-agents-0:4.10.0-55.el9_3.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | ca-certificates-0:2024.2.69_v8.0.303-91.4.el9_4 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | fence-agents-0:4.10.0-20.el9_0.10 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | fence-agents-0:4.10.0-43.el9_2.2 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | openshift4/ose-ansible-rhel9-operator:v4.17.0-202410112132.p0.g1d4d62e.assembly.stream.el9 | * |
