MidnightBSD

Advisories for chocolatey

CVE-2020-15264 HIGH

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security-advisories@github.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-73,CWE-668,

Products Affected

Vendor Product Version
chocolatey boxstarter *
CVE-2022-45301

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.

Products Affected

Vendor Product Version
chocolatey chocolatey_ruby *
CVE-2022-45304

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.

Products Affected

Vendor Product Version
chocolatey chocolatey_cmder *
CVE-2022-45305

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.

Products Affected

Vendor Product Version
chocolatey chocolatey_python3 *
CVE-2022-45306

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.

Products Affected

Vendor Product Version
chocolatey chocolatey_azure-pipelines-agent *
CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

Products Affected

Vendor Product Version
chocolatey chocolatey_php *