Anaconda: >> Anaconda3 >> 2023.03-1 Security Vulnerabilities
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-17
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-09-11