CVE-2024-46062

Description

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

PUBLISHED Reserved 2024-09-11 | Published 2025-12-17 | Updated 2025-12-18 | Assigner mitre

References

m8sec.dev/blog/privilege-escalation-macos-pkg-installers/

www.anaconda.com/docs/getting-started/miniconda/release/23.x

cve.org (CVE-2024-46062)

nvd.nist.gov (CVE-2024-46062)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.