exploitDog

CVE-2024-46062

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

Ссылки

https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/
Exploit
Third Party Advisory
https://www.anaconda.com/docs/getting-started/miniconda/release/23.x#miniconda-23-11-0-1
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:conda:miniconda3:*:*:*:*:*:*:*:*

Версия до 23.11.0-1 (исключая)

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-jqqw-5c3x-2cjx

CVSS3: 7.8

github

около 2 месяцев назад

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-77