VYPR
Unrated severityNVD Advisory· Published Nov 29, 2022· Updated Apr 25, 2025

CVE-2022-45304

CVE-2022-45304

Description

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.

Affected products

2
  • Chocolatey/Cmder packagedescription
  • Cmderdev/Cmderllm-fuzzy
    Range: <=1.3.20

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.