CNNVD-202512-3264 Information
CNNVD ID
CNNVD-202512-3264
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Anaconda Miniconda3是美国Anaconda公司的一个免费的 conda 最小安装程序。 Anaconda Miniconda3 23.11.0-1之前版本存在安全漏洞,该漏洞源于安装过程中创建了全局可写文件并以root权限执行,可能导致本地权限提升。
Description (English)
Anaconda Miniconda3 is a free-of-charge conda minimum installation program for Anaconda. There was a security loophole in the pre-Anaconda Miniconda 23.11.01-1, which resulted from the creation of a global writeable document and the implementation of root privileges during the installation process, which could lead to an increase in local privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Anaconda
Published
2025-12-17
Last Modified
2026-02-24
References
https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/ https://www.anaconda.com/docs/getting-started/miniconda/release/23.x#miniconda-23-11-0-1 https://access.redhat.com/security/cve/cve-2024-46062
Patch
https://www.anaconda.com/docs/getting-started/miniconda/release/23.x#miniconda-23-11-0-1
Share on: