Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-11-29T00:00:00
Updated: 2024-08-03T14:09:56.917Z
Reserved: 2022-11-14T00:00:00
Link: CVE-2022-45306
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-29T02:15:09.117
Modified: 2024-11-21T07:29:02.360
Link: CVE-2022-45306
Redhat
No data.