Unaddressed Anaconda Vulnerabilities

I’m honestly baffled by the unresponsiveness by Anaconda to this issue but maybe if I post it here enough eyes will see it and be concerned to get it fixed.

After months of unresponsiveness regarding world-writable permissions configured by the installation of Anaconda and Miniconda in linux I created a CVE for the issue. The CVE in the NVD is here:

And technical details under my personal blog since all of the work was done for any testing:


Thank you for posting this on the forum.

We do already have a ticket for this issue, but I have alerted our engineering team about this post, the CVE and your blog link.