Security scan reporting vulnerability CVE-2024-39689 in NCP

Article ID: 387403

Products

VMware NSX

Issue/Introduction

  • NCP is installed within the environment
  • Security scan reports vulnerability CVE-2024-39689 in NCP due to Python Library Certifi - Untrusted Root Certificate

Environment

VMware NSX Container Plugin 4.x

Cause

The Certifi package is a direct NCP dependency added to the UBI image for OpenShift.

Resolution

NCP is not impacted by this CVE.

Additional Information

CVE-2024-39689 does not impact NCP. NCP only connects to pre-defined endpoints.

For OpenShift and Kubernetes, these are:

  • NSX
  • Kubernetes API Server

NCP will not initiate a connection to any other server, so it cannot validate any certificate that chains to GLOBALTRUST unless users willingly installed a certificate whose root CA is GLOBALTRUST for either the K8S API server or NSX.
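
One way to check the exception named in the last paragraph, as an added example that is not part of the original article or of NCP itself: it loads a PEM CA file and reports any CA certificate whose subject or issuer mentions GLOBALTRUST. It assumes the CA files trusted for NSX and the Kubernetes API server have been exported to local paths passed as arguments, and that a substring match on the name is a good enough heuristic; the sample dictionary is constructed.

```python
import ssl
import sys

NEEDLE = "GLOBALTRUST"  # CA name as given in the article; substring match is a heuristic

# Constructed sample in the dict shape the ssl module returns for a decoded certificate.
SAMPLE_CA = {
    "subject": ((("countryName", "AT"),), (("commonName", "GLOBALTRUST 2020"),)),
    "issuer": ((("countryName", "AT"),), (("commonName", "GLOBALTRUST 2020"),)),
}


def name_fields(rdns):
    """Flatten ssl's nested subject/issuer tuples into (attribute, value) pairs."""
    return [(key, value) for rdn in rdns for (key, value) in rdn]


def names_ca(cert, needle=NEEDLE):
    """True if any subject or issuer attribute of the decoded cert contains needle."""
    fields = name_fields(cert.get("subject", ())) + name_fields(cert.get("issuer", ()))
    return any(needle.lower() in value.lower() for _, value in fields)


def common_name(cert):
    """Subject commonName of a decoded cert, or a marker if it has none."""
    return dict(name_fields(cert.get("subject", ()))).get("commonName", "<no CN>")


def flagged_cas(ca_file, needle=NEEDLE):
    """Load only the given PEM file (no system defaults) and return matching CA certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    return [cert for cert in ctx.get_ca_certs() if names_ca(cert, needle)]


if __name__ == "__main__":
    # Hypothetical usage: python check_ca.py <nsx-ca.pem> <k8s-api-ca.pem>
    status = 0
    for path in sys.argv[1:]:
        hits = flagged_cas(path)
        for cert in hits:
            print(f"{path}: trusts CA '{common_name(cert)}'")
            status = 1
        if not hits:
            print(f"{path}: no {NEEDLE} CA found")
    sys.exit(status)
```

A non-zero exit status means at least one of the supplied CA files contains a matching certificate, which is the situation the article describes as the only way NCP could come to trust that root.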