Описание
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
Ссылки
- ExploitThird Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 2024.06-1 (исключая)
Одновременно
cpe:2.3:a:anaconda:anaconda3:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00025
Низкий
7.8 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 7.8
github
около 2 месяцев назад
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
EPSS
Процентиль: 6%
0.00025
Низкий
7.8 High
CVSS3
Дефекты
CWE-77