Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2024-39689

Public on 2024-07-05
Modified on 2024-07-19
Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Severity
Low
See what this means
CVSS v3 Base Score
3.7
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core ca-certificates 2024-08-01 03:01 ALAS2-2024-2607
Amazon Linux 2023 ca-certificates 2024-08-01 04:06 ALAS2023-2024-682

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Red Hat: CVE-2024-39689 Mitre: CVE-2024-39689 FAQs regarding Amazon Linux ALAS/CVE Severity