CVE-2024-46060

High CVSS: 7.8

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

Vendor

Anaconda

Product

Anaconda3

CWE

CWE-77

Yayın Tarihi

2025-12-17 19:16:00

Güncelleme

2026-01-05 14:42:39

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Anaconda3 HIGH Anaconda 2025

Referanslar

https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/ https://www.anaconda.com/docs/getting-started/anaconda/release/2024.x#anaconda-2024-06-1

Benzer Kayıtlar

Medium

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, an…

Medium

CVE-2025-32799

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing log…

High

CVE-2025-32800

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda…

High

CVE-2025-32798

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe process…

Medium

CVE-2025-32797

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts functi…