Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:anaconda:anaconda3:-:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-26T15:00:22.497Z

Reserved: 2023-06-19T00:00:00

Link: CVE-2023-35845

cve-icon Vulnrichment

Updated: 2024-08-02T16:30:45.337Z

cve-icon NVD

Status : Modified

Published: 2023-09-11T08:15:07.493

Modified: 2024-11-21T08:08:48.520

Link: CVE-2023-35845

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.