Bitnami package
miniconda
pkg:bitnami/miniconda
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-35845 | — | >= 2023.03-1.0, <= 2023.03-1.0 | — | Sep 11, 2023 | Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as | ||
| CVE-2021-42969 | — | >= 2021.05.0, <= 2021.05.0 | — | May 13, 2022 | Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | ||
| CVE-2022-26526 | — | < 4.11.0 | 4.11.0 | Mar 17, 2022 | Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placi |
- CVE-2023-35845Sep 11, 2023affected >= 2023.03-1.0, <= 2023.03-1.0
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as
- CVE-2021-42969May 13, 2022affected >= 2021.05.0, <= 2021.05.0
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.
- CVE-2022-26526Mar 17, 2022affected < 4.11.0fixed 4.11.0
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placi