Skip to main content
Version: latest

CVE-2023-37920

CVE Details

Visit the official vulnerability details page for CVE-2023-37920 to learn more.

Initial Publication

10/25/2024

Last Update

12/12/2024

Third Party Dependency

ca-certificates

NIST CVE Summary

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

CVE Severity

9.8

Our Official Summary

This vulnerability was found in the python-certifi package. eTurgra certificates are marked as untrusted by Mozilla and were removed from Mozilla's root store in July 2023. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector. This issue is mostly impacted during the use of web browsers. The vulnerability exploitation likelihood in the calico cni images is low. We are waiting on an upstream fix from the 3rd party vendors. We will upgrade the images once the upstream fix becomes available.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.11✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.10✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.8✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.5✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.4✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20✅ No Impact⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5