CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
23.8%
Certifi 2022.12.07 removes root certificates from “TrustCor” from the root store. These are in the process of being removed from Mozilla’s trust store.
TrustCor’s root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor’s ownership also operated a business that produced spyware. Conclusions of Mozilla’s investigation can be found here.
Vendor | Product | Version | CPE |
---|---|---|---|
certifi_project | certifi | * | cpe:2.3:a:certifi_project:certifi:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-43fp-rhv2-5gv8
github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8
github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2022-42986.yaml
groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
nvd.nist.gov/vuln/detail/CVE-2022-23491