Vulnerabilities > Chocolatey
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-45301 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Ruby Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. | 4.3 |
| 2022-11-29 | CVE-2022-45304 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Cmder Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. | 4.3 |
| 2022-11-29 | CVE-2022-45305 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Python3 Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | 4.3 |
| 2022-11-29 | CVE-2022-45306 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Azure-Pipelines-Agent Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | 4.3 |
| 2022-11-29 | CVE-2022-45307 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey PHP Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | 4.3 |
| 2020-10-20 | CVE-2020-15264 | External Control of File Name or Path vulnerability in Chocolatey Boxstarter The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. | 7.2 |