PT-2024-6615 · Certifi+3

Published: 2024-07-04 · Updated: 2026-06-03 · CVE-2024-39689

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Certifi versions 2021.05.30 through 2024.07.03
Description: The issue is related to the insufficient validation of data when processing the GLOBALTRUST root certificate, which may allow a remote attacker to compromise the integrity of protected information. GLOBALTRUST's root certificates are being removed due to an investigation that identified long-running and unresolved compliance issues. These certificates are in the process of being removed from Mozilla's trust store.
Recommendations: For versions prior to 2024.07.04, update to version 2024.07.04 or later to remove the GLOBALTRUST root certificates from the root store. As a temporary workaround, consider restricting the use of GLOBALTRUST root certificates until a patch is available.
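
An added example (not part of the advisory and not Certifi's own code) that checks a Certifi version against the affected range stated above and lists bundle entries whose comment header mentions GLOBALTRUST. It assumes the `# Issuer` / `# Label` comment layout used in certifi's `cacert.pem`; the sample bundle and the names `is_affected` and `find_roots` are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: 2021.05.30 through 2024.07.03.
FIRST_AFFECTED = (2021, 5, 30)
FIRST_FIXED = (2024, 7, 4)
LABEL_RE = re.compile(r'# Label: "(.*)"')

# Constructed sample bundle (placeholder names and bodies, not real certificates).
SAMPLE_BUNDLE = '''\
# Issuer: CN=Example Root CA O=Example Trust
# Label: "Example Root CA"
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----

# Issuer: CN=GLOBALTRUST Sample Root O=Constructed Org
# Label: "GLOBALTRUST Sample Root"
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
'''

def parse_version(text):
    """Turn a calendar version such as '2024.07.04' into a tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version):
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED

def find_roots(bundle_text, needle="GLOBALTRUST"):
    """Return labels of entries whose '#' comment header mentions `needle`."""
    hits, header = [], []
    for line in bundle_text.splitlines():
        if line.startswith("#"):
            header.append(line)  # comment lines that precede a PEM block
        elif line.startswith("-----BEGIN CERTIFICATE-----"):
            if any(needle.lower() in h.lower() for h in header):
                labels = [m.group(1) for m in map(LABEL_RE.match, header) if m]
                hits.append(labels[0] if labels else "<unlabelled>")
            header = []  # header belongs to this block only
    return hits

if __name__ == "__main__":
    try:
        import certifi  # inspect the installed package when available
        version, bundle = certifi.__version__, certifi.contents()
    except ImportError:
        version, bundle = "2024.07.03", SAMPLE_BUNDLE  # constructed fallback
    print(version, "affected" if is_affected(version) else "not affected", find_roots(bundle))
```

An empty list from `find_roots` together with a version outside the affected range indicates the bundle in use no longer carries the roots named in this advisory.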

Exploit

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

ALT-PU-2024-17376
ALT-PU-2024-17878
BDU:2024-07771
CVE-2024-39689
ECHO-2C05-8DB5-680F
GHSA-248V-346W-9CWC
OESA-2026-2145
OPENSUSE-SU-2024:14118-1
OPENSUSE-SU-2025:14997-1
PYSEC-2024-230

Affected Products

Alt Linux
Certifi
Debian
Red Os