vulnerability

Amazon Linux AMI 2: CVE-2023-37920: Security patch for ca-certificates (ALAS-2023-2224)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jul 25, 2023	Sep 8, 2023	Jan 30, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 25, 2023

Added

Sep 8, 2023

Modified

Jan 30, 2025

Description

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Solution

amazon-linux-ami-2-upgrade-ca-certificates

References

AMAZON-AL2/ALAS-2023-2224
CVE-2023-37920
https://attackerkb.com/topics/CVE-2023-37920

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today