Lucene search
MitreCVE-2022-45306HistoryNov 29, 2022 - 2:15 a.m.
CVE-2022-45306
2022-11-2902:15:09
CWE-732
mitre
web.nvd.nist.gov
26
cve-2022-45306
insecure permissions
chocolatey
azure-pipelines-agent
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
22.8%
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
Affected configurations
Node
chocolateychocolatey_azure-pipelines-agentRange≤2.211.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chocolatey | chocolatey_azure-pipelines-agent | * | cpe:2.3:a:chocolatey:chocolatey_azure-pipelines-agent:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2022-11-29 02:15:00
cnvd
cnvd
Chocolatey Azure Pipelines Agent Privilege Design Vulnerability
2022-12-01 00:00:00
nvd
nvd
CVE-2022-45306
2022-11-29 02:15:09
cvelist
cvelist
CVE-2022-45306
2022-11-29 00:00:00
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.7
Confidence
High
EPSS
0.001
Percentile
22.8%
Related for CVE-2022-45306