CVE-2024-39689
Last modified
CVE-2024-39689 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Certifi | Certifi | >= 2021.5.30, < 2024.7.4 |
| Netapp | Management Services For Element Software And Netapp Hci | All versions |
| Netapp | Ontap Select Deploy Administration Utility | All versions |
| Netapp | Ontap Tools | 10 |
References
- https://security.netapp.com/advisory/ntap-20241206-0001/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-39689?
How severe is CVE-2024-39689?
How do I fix CVE-2024-39689?
Are you affected by CVE-2024-39689?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST