CVE-2022-26526
More information about this CVE will likely be available in a few days.
Description
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)
Related CPE's
Could not find any relations
References
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics