CVE-2023-37920

{"id": "CVE-2023-37920", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-07-25T21:15:10.827", "references": [{"url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/", "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store."}], "lastModified": "2023-08-12T06:16:31.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kennethreitz:certifi:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "A779FFD7-F100-4F79-B6B3-1B8AB5CC8D45", "versionEndExcluding": "2023.07.22", "versionStartIncluding": "2015.04.28"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}