Vulnerabilities > Chocolatey

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-45301 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Ruby
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45304 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Cmder
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45305 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Python3
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45306 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Azure-Pipelines-Agent
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45307 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey PHP
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2020-10-20 CVE-2020-15264 Unspecified vulnerability in Chocolatey Boxstarter
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable.
local
low complexity
chocolatey
7.8