BIT-miniconda-2022-26526

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/miniconda/BIT-miniconda-2022-26526.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-miniconda-2022-26526
Aliases
  • CVE-2022-26526
Published
2024-03-06T10:56:02.285Z
Modified
2024-03-06T12:28:11.539362Z
Summary
[none]
Details

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.

Database specific
{
    "cpes": [
        "cpe:2.3:a:conda:miniconda3:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / miniconda

Package

Name
miniconda
Purl
pkg:bitnami/miniconda

Severity

  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.11.0