CVE-2023-35845

CVSS Score of 10 (low)

Details

Published Sep 11, 2023
Updated: Sep 13, 2023
CWE ID 295

Summary

CVE-2023-35845 is a vulnerability affecting Anaconda 3 2023.03-1-Linux and Miniconda. It allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This vulnerability occurs because many files are installed as world-writable on Linux, even when installed as root, disregarding umask. The risk score for this vulnerability is 25, and it has a base severity rating of MEDIUM. To remediate this vulnerability, it is recommended to restrict write access to the cacert.pem file and ensure proper file permissions are set. This vulnerability poses a potential danger to organizations as it could allow attackers with local access to tamper with TLS certificate validation, potentially compromising the security of the system or network.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35845 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options