CVE-2022-26526

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:anaconda:anaconda3:*:*:*:*:*:*:*:*
cpe:2.3:a:conda:miniconda3:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-426 CWE-732

Information

Published : 2022-03-17 16:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-26526

Mitre link : CVE-2022-26526

CVE.ORG link : CVE-2022-26526


JSON object : View

Products Affected

conda

  • miniconda3

anaconda

  • anaconda3
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource