Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2023-37920

Public on 2023-07-25
Modified on 2024-02-03
Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ca-certificates 2023-08-30 17:56 ALAS-2023-1817
Amazon Linux 2 - Core ca-certificates 2023-08-31 22:28 ALAS2-2023-2224
Amazon Linux 2023 ca-certificates 2023-08-17 11:20 ALAS2023-2023-297

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
NVD CVSSv3 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H