Vulnerability Details CVE-2024-46060
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.1%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2024-46060
-
cpe:2.3:a:anaconda:anaconda3:-
-
cpe:2.3:a:anaconda:anaconda3:2021.05
-
cpe:2.3:a:anaconda:anaconda3:2021.11.0.0
-
cpe:2.3:a:anaconda:anaconda3:2023.03-1
-
cpe:2.3:o:apple:macos:-