Unaddressed Anaconda Vulnerabilities

jeremy.filizetti.ctr · September 27, 2023, 4:40pm

I’m honestly baffled by the unresponsiveness by Anaconda to this issue but maybe if I post it here enough eyes will see it and be concerned to get it fixed.

After months of unresponsiveness regarding world-writable permissions configured by the installation of Anaconda and Miniconda in linux I created a CVE for the issue. The CVE in the NVD is here:
https://nvd.nist.gov/vuln/detail/CVE-2023-35845

And technical details under my personal blog since all of the work was done for any testing:

Kimberly · October 2, 2023, 7:23pm

Hello!

Thank you for posting this on the forum.

We do already have a ticket for this issue, but I have alerted our engineering team about this post, the CVE and your blog link.

Regards,

Topic		Replies	Views
CVE 2021-42969: anyone fixing? Anaconda & Miniconda	6	446	May 7, 2024
CVE-2023-4863 "WebP / LibWebP" Fix Technical Topics	0	279	September 20, 2023
Anaconda and Security Compliance? Feedback	6	99	September 27, 2024
No write permissions to ...\Anaconda3 Anaconda & Miniconda	2	4305	March 23, 2023
NotWritableError Anaconda & Miniconda	0	427	January 18, 2024

Unaddressed Anaconda Vulnerabilities

Related topics