CVE Vulnerabilities

CVE-2024-39689

Insufficient Verification of Data Authenticity

Published: Jul 05, 2024 | Modified: Feb 15, 2025
CVSS 3.x (Source: NVD): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: no score listed
RedHat/V2: no score listed
RedHat/V3: 3.7 LOW, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Ubuntu: NEGLIGIBLE

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates from GLOBALTRUST from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified long-running and unresolved compliance issues.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Certifi | Certifi | 2021.5.30 (including) | 2024.7.4 (excluding) |
| Python-certifi | Ubuntu | focal | * |
| Python-certifi | Ubuntu | mantic | * |
| Python-pip | Ubuntu | focal | * |
| Python-pip | Ubuntu | mantic | * |
| Python-pip | Ubuntu | trusty/esm | * |
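
To check an installation against the affected range above, the following added example (not code from this page or from the Certifi project) tests a certifi version string and scans a PEM bundle for GLOBALTRUST entries. The function names are hypothetical, and it assumes the CA name appears literally as `GLOBALTRUST` inside the certificate's encoded names.

```python
import base64
import re

AFFECTED_START = (2021, 5, 30)  # first affected release (included)
FIXED_VERSION = (2024, 7, 4)    # first release without the GLOBALTRUST roots
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def parse_version(text):
    """Turn a certifi date-style version such as '2024.07.04' into ints."""
    return tuple(int(part) for part in text.strip().split(".")[:3])

def version_affected(text):
    """True when the version falls in [2021.5.30, 2024.7.4)."""
    return AFFECTED_START <= parse_version(text) < FIXED_VERSION

def globaltrust_blocks(pem_text, marker=b"GLOBALTRUST"):
    """Indexes of PEM blocks whose decoded DER bytes contain the marker.
    Assumption: the CA name appears literally in the certificate's names."""
    hits = []
    for index, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        if marker in der:
            hits.append(index)
    return hits

def audit(version_text, pem_text):
    """Combine both checks; a patched version with a stale bundle still flags."""
    affected = version_affected(version_text)
    hits = globaltrust_blocks(pem_text)
    return {"version_affected": affected, "globaltrust_blocks": hits,
            "needs_upgrade": affected or bool(hits)}

def make_sample_bundle():
    """Constructed PEM-shaped input; the payloads are not real certificates."""
    payloads = [b"constructed root A", b"CN=GLOBALTRUST 2020 (constructed)"]
    return "\n".join(
        "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(p).decode()
        + "\n-----END CERTIFICATE-----" for p in payloads)

if __name__ == "__main__":
    print(audit("2023.7.22", make_sample_bundle()))  # constructed inputs
    try:
        import certifi  # audit the real installation when it is present
        with open(certifi.where(), encoding="utf-8") as handle:
            print(audit(certifi.__version__, handle.read()))
    except ImportError:
        print("certifi is not installed in this environment")
```

Scanning the bundle as well as the version catches vendored or pinned copies of `cacert.pem` that still carry the roots after the package itself is upgraded.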

References