VYPR
Medium severity4.3NVD Advisory· Published Nov 29, 2022· Updated Jun 17, 2026

CVE-2022-45306

CVE-2022-45306

Description

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.