9 matches found
CVE-2025-49843
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49824
CVE-2025-49824 affects the conda-smithy tool. Before 3.47.1, the travis_encrypt_binstar_token RSA signing code uses an outdated padding scheme, making it vulnerable to an Oracle Padding Attack. An attacker with oracle access can submit modified ciphertexts and, through response analysis, infer th...
CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...
CVE-2025-49843
The CVE-2025-49843 issue affects conda-smithy prior to version 3.47.1, where the travis_headers function creates files with permissions exceeding 0o600, potentially allowing read/write access beyond the intended user. This weakens least-privilege protections and could let an attacker access confi...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...
PT-2025-25763 · Unknown · Conda-Smithy
Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.47.1
Description: The issue concerns a tool that combines a conda recipe with configurations for building using freely hosted CI services. Prior to version 3.47.1, a function in the repository creates files wi...
conda-forge conda-smithy Security Vulnerability
conda-forge conda-smithy is a conda-forge open source tool for managing raw materials for Conda Forge. A security vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from a file created by the travis_headers function having too many permissions, which could lead ...
conda-forge conda-smithy Information Disclosure Vulnerability
conda-forge conda-smithy is a conda-forge open source tool for managing conda-forge raw materials. An information disclosure vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from the travis_encrypt_binstar_token implementation being at risk of an Oracle Padding...