Description
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.
References (4)
Core 4
Core References
Product, Vendor Advisory x_refsource_misc
https://docs.conda.io/en/latest/miniconda.html
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/continuumio/anaconda-issues/issues
Exploit, Third Party Advisory x_refsource_misc
https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-anaconda3-and-miniconda3
Vendor Advisory x_refsource_misc
https://repo.anaconda.com/miniconda/
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (2)
anaconda/anaconda3
< 2021.11.0.0
conda/miniconda3
< 4.11.0.0
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026