Medium severity4.3NVD Advisory· Published Nov 29, 2022· Updated Jun 17, 2026
CVE-2022-45306
CVE-2022-45306
Description
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
Affected products
2- Chocolatey/Azure-Pipelines-Agent packagedescription
- Range: <=2.211.1
Patches
Vulnerability mechanics
References
1- github.com/ycdxsb/Vuln/blob/main/azure-pipelines-agent-weak-permission-vuln/azure-pipelines-agent-weak-permission-vuln.mdnvdBroken LinkThird Party Advisory
News mentions
0No linked articles in our index yet.