Home > Vulnerability Database > CVE-2022-23491

Mend.io Vulnerability Database

CVE-2022-23491

Good to know:

Date: December 7, 2022

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ

Url: https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-23491

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23491

Url: https://security-tracker.debian.org/tracker/CVE-2022-23491

Url: https://www.mend.io/vulnerability-database/CVE-2022-23491

Severity Score

7.5

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version certifi - 2022.12.07

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23491

Good to know:

Date: December 7, 2022

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?