• NCP is installed within the environment
• Security scan reports vulnerability CVE-2024-39689 in NCP due to

Python Library Certifi - Untrusted Root Certificate

VMware NSX Container Plugin 4.x

The Certifi package is a direct NCP dependency added to the UBI image for Openshift.

NCP is not impacted by this CVE.

CVE-2024-39689 does not impact NCP. NCP only connects to pre-defined endpoints.

For Openshift and Kubernetes, these are:

• NSX 
• Kubernetes API Server

NCP will not initiate any connection with any other server, and therefore it cannot possibly validate any certificate recognized by GLOBALTRUST. Unless users willingly installed a certificate whose root CA is GLOBALTRUST for either the K8S API server or NSX.