Python Library Certifi - Untrusted Root Certificate
VMware NSX Container Plugin 4.x
The Certifi package is a direct NCP dependency added to the UBI image for Openshift.
NCP is not impacted by this CVE.
CVE-2024-39689 does not impact NCP. NCP only connects to pre-defined endpoints.
For Openshift and Kubernetes, these are:
NCP will not initiate any connection with any other server, and therefore it cannot possibly validate any certificate recognized by GLOBALTRUST. Unless users willingly installed a certificate whose root CA is GLOBALTRUST for either the K8S API server or NSX.