Vulnerabilities > Chocolatey > Chocolatey Azure Pipelines Agent
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-45306 | Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Azure-Pipelines-Agent Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | 4.3 |