Chocolatey is a NuGet-based package manager for Windows, a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer of the Chocolatey Ruby package v3.1.2.1 and earlier versions, which is vulnerable by design. The vulnerability stems from all users in the Authenticated users group having write access to the path C:\tools\ruby31 and all files in that folder. An attacker could exploit this vulnerability to gain file write access.