Описание
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.2.1 (включая)
cpe:2.3:a:chocolatey:chocolatey_ruby:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732