CVE-2024-39689

{"id": "CVE-2024-39689", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-07-05T19:15:10.247", "references": [{"url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "tags": ["Mailing List"], "source": "security-advisories@github.com"}, {"url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20241206-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\""}, {"lang": "es", "value": " Certifi es una colecci\u00f3n seleccionada de certificados ra\u00edz para validar la confiabilidad de los certificados SSL mientras se verifica la identidad de los hosts TLS. Certifi a partir de 2021.05.30 y antes de 2024.07.4 reconoci\u00f3 los certificados ra\u00edz de `GLOBALTRUST`. Certifi 2024.07.04 elimina los certificados ra\u00edz de `GLOBALTRUST` del almac\u00e9n ra\u00edz. Estos est\u00e1n en proceso de ser eliminados del almac\u00e9n de confianza de Mozilla. Los certificados ra\u00edz de \"GLOBALTRUST\" se est\u00e1n eliminando tras una investigaci\u00f3n que identific\u00f3 \"problemas de cumplimiento de larga duraci\u00f3n y no resueltos\"."}], "lastModified": "2025-02-12T20:12:19.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:certifi:certifi:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "BCBAE7B1-6D3F-435F-9917-28DE8A8DA0B1", "versionEndExcluding": "2024.7.4", "versionStartIncluding": "2021.5.30"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB"}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"}, {"criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}