Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-23491

Good to know:

icon

Date: December 7, 2022

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Language: Python

Severity Score

Related Resources (9)

https://github.com/certifi/python-certifi
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
https://nvd.nist.gov/vuln/detail/CVE-2022-23491
https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2022-42986.yaml
https://security.netapp.com/advisory/ntap-20230223-0010/
https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8
https://security.netapp.com/advisory/ntap-20230223-0010
https://www.mend.io/vulnerability-database/CVE-2022-23491

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

icon

Upgrade Version

Upgrade to version certifi - 2022.12.7

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us