Описание
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.20 (включая)
cpe:2.3:a:chocolatey:chocolatey_cmder:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732