Lucene search
China National Vulnerability DatabaseCNVD-2022-85488HistoryDec 01, 2022 - 12:00 a.m.
Chocolatey Azure Pipelines Agent Privilege Design Vulnerability
2022-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
chocolatey
azure pipelines
devops
privilege design
vulnerability
all users
authenticated users
file write access
0.001 Low
EPSS
Percentile
22.8%
Chocolatey can handle various types of installation packages. Azure Pipelines Agent, also known as Azure Pipelines Agent, is primarily used in the Devops process to generate code or deploy software. a privilege design vulnerability in the Chocolatey Azure Pipelines Agent package v2.211.1 and prior versions, which stems from All users in the Authenticated users group have write access to the subfolder C:\Agent and all files in that folder, and an attacker could exploit the vulnerability to gain file write access.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xwiki xwiki platform >=8.1, | lt | 13.10.8 | |
| xwiki xwiki platform >=14.0, | lt | 14.4.3 | |
| xwiki xwiki platform >=14.5, | lt | 14.6 |
Related
cvelist
cvelist
CVE-2022-45306
2022-11-29 00:00:00
cve
cve
CVE-2022-45306
2022-11-29 02:15:09
prion
prion
Design/Logic Flaw
2022-11-29 02:15:00
nvd
nvd
CVE-2022-45306
2022-11-29 02:15:09