CVE-2022-45306

Published November 29th, 2022

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.

ycdxsb/Vuln

GitHub