Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2022-23491

Public on 2022-12-07
Modified on 2024-02-13
Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ca-certificates 2023-02-17 00:02 ALAS-2023-1690
Amazon Linux 2 - Core ca-certificates 2023-02-17 00:12 ALAS2-2023-1957
Amazon Linux 2023 ca-certificates 2023-02-17 20:45 ALAS2023-2023-061
Amazon Linux 2023 python-certifi 2023-02-17 20:45 ALAS2023-2023-062

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N