Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
CPE | Name | Operator | Version |
---|---|---|---|
chocolatey_azure-pipelines-agent | le | 2.211.1 |