Anaconda Miniconda3 安全漏洞

Anaconda Miniconda3 is a free conda minimal installer from Anaconda USA. A security vulnerability exists in Anaconda Miniconda3 versions prior to 23.11.0-1, which stems from a global writable file that is created during installation and executed with root privileges, potentially resulting in...

CVE-2024-46062

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

Design/Logic Flaw

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

CVE-2022-26526

CVE-2022-26526 affects Anaconda3 up to 2021.11.0.0 and Miniconda3 up to 4.11.0.0. A world-writable directory can be created under %PROGRAMDATA% and added to the system PATH when installed in a non-default configuration (for all users and PATH changes). Local users could gain privileges by placing...

PT-2022-17918 · Anaconda3 +1 · Anaconda3 +1

Name of the Vulnerable Software and Affected Versions: Anaconda3 versions through 2021.11.0.0 Miniconda3 versions through 4.11.0.0 Description: The issue allows local users to gain privileges by placing a Trojan horse file into a world-writable directory under %PROGRAMDATA% that is added to the...