CVE-2022-23491

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23491
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23491.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23491
Aliases
Related
Published
2022-12-07T22:15:09Z
Modified
2024-10-19T16:47:32.880415Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked Google Group discussion.

References

Affected packages

Debian:11 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2020.*

2020.6.20-1

2022.*

2022.6.15-2
2022.9.24-1

2023.*

2023.7.22-1
2023.11.17-1

2024.*

2024.6.2-1
2024.8.30-1
2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2022.*

2022.9.24-1

2023.*

2023.7.22-1
2023.11.17-1

2024.*

2024.6.2-1
2024.8.30-1
2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2023.7.22-1

Affected versions

2022.*

2022.9.24-1

Ecosystem specific

{
    "urgency": "unimportant"
}