Medium severity4.7NVD Advisory· Published Sep 11, 2023· Updated Jun 17, 2026
CVE-2023-35845
CVE-2023-35845
Description
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Anaconda/Anaconda 3 - Linuxdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.