CVE-2023-35845
CVE-2023-35845 affects Anaconda 3 (2023.03-1-Linux) and Miniconda, where local users can disrupt TLS certificate validation by modifying cacert.pem used by pip. Root cause: many files are installed world-writable on Linux, ignoring umask, enabling modification of the CA bundle. Documented impact:...