CVEFinder.io

CVE-2022-23491

🔶 medium
Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

CVSS Score: 6.8 (Medium)
EPSS Score: 0.1 (Exploit Probability)
Published Date: 2022-12-07
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.8% of all 328,009 vulnerabilities in our database.

Severity Percentile: #167,835 (Below average severity)

🎯 CISA SSVC Assessment (Updated: Apr 23, 2025)

Exploitation Status: None (No known exploits)
Automatable: NO (Requires human interaction)
Technical Impact: Partial (Limited system impact)
SSVC data provided by CISA

Last Modified: 2025-02-12
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2024-39689 | high | 7.5 | 21.7 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verify... | 2024-07-05 |
| CVE-2023-36054 | medium | 6.5 | 0.7 | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized poin... | 2023-08-07 |
| CVE-2023-37920 | high | 7.5 | 0.1 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verify... | 2023-07-25 |
| CVE-2023-24329 | high | 7.5 | 1.4 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supply... | 2023-02-17 |
| CVE-2022-45061 | high | 7.5 | 0.1 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing s... | 2022-11-09 |
| CVE-2022-37966 | high | 8.1 | 1.4 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 2022-11-09 |
These CVEs affect the same products