Five medium Chocolatey CVEs announced

RTP · December 8, 2022, 1:21am

chocolatey_azure-pipelines-agent
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
[NVD - CVE-2022-45306]

chocolatey_cmder
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
[NVD - CVE-2022-45304]

chocolatey_php
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
[NVD - CVE-2022-45307]

chocolatey_python3
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.
[NVD - CVE-2022-45305]

chocolatey_ruby
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
[NVD - CVE-2022-45301]

Topic		Replies	Views
Installing 3rd party apps is not simple Other	17	1292	April 4, 2023
Update regarding CVE-2022-29072 (7-Zip Vulnerability) Announcements	3	375	May 6, 2022
The December CyberDrain Community Event Is Now Live! Community Events	39	2330	December 15, 2021
Upcoming CyberDrain Community Scripting Event - 12/14/21 Community Events	0	390	December 7, 2021
Script to report if user has admin rights?	3	759	October 17, 2023

Five medium Chocolatey CVEs announced

Related Topics