Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: None
Affected products
- certifi / python-certifi: >= 2015.04.28, < 2023.07.22
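A way to check a dependency pin and a CA bundle against this advisory, as an added example that is not code from the certifi project. It assumes requirement lines pinned with `==` and a bundle that carries `# Label: "..."` comment lines before each certificate, as certifi's `cacert.pem` does; the function names and sample inputs are constructed for illustration.

```python
import re

# Affected range as stated on this page: >= 2015.04.28, < 2023.07.22
FIRST_AFFECTED = (2015, 4, 28)
FIRST_FIXED = (2023, 7, 22)

def parse_version(text):
    """'2023.07.22' -> (2023, 7, 22); extra numeric parts are kept."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_affected(version):
    """True when a certifi calendar version falls inside the affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED

def affected_pins(requirements_text):
    """Return certifi versions pinned with '==' that fall in the affected range."""
    pins = re.findall(r"(?im)^\s*certifi\s*==\s*([0-9][0-9.]*)", requirements_text)
    return [v for v in pins if is_affected(v)]

def etugra_labels(bundle_text):
    """Return '# Label:' values in a PEM bundle that mention e-Tugra.

    Assumption: each certificate is preceded by a '# Label: "..."' comment line.
    """
    labels = re.findall(r'(?m)^#\s*Label:\s*"?([^"\n]*)"?', bundle_text)
    return [label for label in labels if "e-tugra" in label.lower()]

# Constructed sample inputs (not a real requirements file or real certificates).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
certifi==2022.12.7 ; python_version >= "3.6"
"""
SAMPLE_BUNDLE = """\
# Label: "E-Tugra Example Root (constructed)"
-----BEGIN CERTIFICATE-----
(constructed placeholder, no certificate data)
-----END CERTIFICATE-----
# Label: "Example Other Root (constructed)"
-----BEGIN CERTIFICATE-----
(constructed placeholder, no certificate data)
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print("affected pins:", affected_pins(SAMPLE_REQUIREMENTS))
    print("e-Tugra labels:", etugra_labels(SAMPLE_BUNDLE))
```

To check an installed copy, pass the contents of the file returned by `certifi.where()` to `etugra_labels`; an empty list is the expected result for 2023.07.22 and later.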
References
- VENDOR_ADVISORY: https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
- PATCH: https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909
- MISC: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/