Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23491

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Published

2022-12-07T22:15:09.870

Last Modified

2025-02-12T17:36:19.373

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-345
Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	certifi	certifi	< 2022.12.7	Yes
Application	netapp	e-series_performance_analyzer	-	Yes
Application	netapp	management_services_for_element_software	-	Yes
Application	netapp	management_services_for_netapp_hci	-	Yes

References

https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 Third Party Advisory ([email protected])
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ Mailing List, Third Party Advisory ([email protected])
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230223-0010/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)