CNNVD-202512-3265 Information
CNNVD ID
CNNVD-202512-3265
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Anaconda3是美国Anaconda公司的一个用于科学计算(数据科学、机器学习应用程序、大规模数据处理、预测分析等)的 Python 和 R 编程语言的发行版。致力于简化软件包管理系统和部署。 Anaconda3 2024.06-1之前版本存在安全漏洞,该漏洞源于安装过程中创建了全局可写文件并以root权限执行,可能导致本地权限提升。
Description (English)
Anaconda3 is a distribution of Python and R programming languages for scientific computing (data science, machine learning applications, large-scale data processing, prediction analysis, etc.) by Anaconda, United States. Work to streamline the software package management system and deployment. There was a security loophole in the pre-Anaconda 3 2024.06-1 version, which resulted from the creation of a global writeable document and the implementation of root privileges during the installation process, which could lead to the upgrading of local rights.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Anaconda
Published
2025-12-17
Last Modified
2026-02-24
References
https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/ https://www.anaconda.com/docs/getting-started/anaconda/release/2024.x#anaconda-2024-06-1 https://access.redhat.com/security/cve/cve-2024-46060
Patch
https://www.anaconda.com/docs/getting-started/anaconda/release/2024.x#anaconda-2024-06-1
Share on: