
CVE-2022-45305: n/a in n/a

Severity: Medium
Type: Vulnerability
ID: CVE-2022-45305
Tags: cve, cve-2022-45305, n-a, cwe-732
Published: Tue Nov 29 2022 (11/29/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.

AI-Powered Analysis

Last updated: 06/24/2025, 12:13:55 UTC

Technical Analysis

CVE-2022-45305 is a medium severity vulnerability affecting the Chocolatey Python3 package version 3.11.0 and earlier. The issue arises from insecure permissions set on the installation directory, specifically the subfolder C:\Python311 and all files within it. These permissions grant write access to all users in the Authenticated Users group, which typically includes any user account that has logged into the system. This misconfiguration violates the principle of least privilege and allows unauthorized users to modify or replace files within the Python installation directory.

The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS v3.1 base score is 4.3, reflecting a network attack vector with low attack complexity, requiring privileges (PR:L) but no user interaction, and impacting integrity only (no confidentiality or availability impact). Exploitation would allow an authenticated user with standard privileges to alter Python binaries or scripts, potentially leading to privilege escalation or execution of malicious code when Python is invoked by other users or system processes.

No patches or vendor-specific mitigations are listed, and no known exploits are currently reported in the wild. The vulnerability is relevant primarily in Windows environments where Chocolatey is used to install Python 3.11.0 or earlier versions, and where multiple users share the same system or have authenticated access.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, particularly in environments where Python is installed via Chocolatey on shared Windows systems such as development workstations, build servers, or multi-user terminals. An attacker or malicious insider with authenticated access could modify Python executables or libraries, potentially injecting malicious code that executes with the privileges of other users or automated processes relying on Python. This could lead to integrity compromise of critical scripts or applications, unauthorized code execution, and possibly lateral movement within the network if Python is used in automation or orchestration tasks. While the vulnerability does not directly impact confidentiality or availability, the integrity compromise could facilitate further attacks, including data manipulation or persistence mechanisms. Organizations with strict multi-user environments, such as universities, research institutions, or enterprises with shared development infrastructure, are more exposed. The lack of user interaction requirement and low attack complexity increase the likelihood of exploitation once an attacker gains authenticated access. However, the prerequisite of authenticated access limits remote exploitation unless combined with other vulnerabilities or misconfigurations.

Mitigation Recommendations

1. Immediately audit the permissions on the C:\Python311 directory and all subfolders/files on affected systems to ensure that only trusted administrative accounts have write access. Remove write permissions from the Authenticated Users group.
2. Where possible, reinstall Python using Chocolatey with custom permission settings or install Python manually to avoid inheriting insecure permissions.
3. Implement strict access controls and user account management to limit the number of users with authenticated access to shared systems.
4. Employ application whitelisting or integrity monitoring tools to detect unauthorized modifications to Python executables and libraries.
5. Regularly review and harden Windows file system permissions, especially on directories used by development tools and runtime environments.
6. Monitor logs for unusual activity related to Python execution or file modifications in the Python installation directory.
7. Educate system administrators and developers about the risks of insecure permissions and the importance of least privilege principles in software installations.
8. If feasible, isolate critical Python environments to dedicated user accounts or containers to reduce the attack surface.
9. Stay alert for any vendor updates or patches addressing this issue and apply them promptly once available.
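One way to carry out the audit in recommendation 1, as an added PowerShell example that is not part of the advisory or of the Chocolatey package: it walks the install folder and reports every object where Authenticated Users (well-known SID S-1-5-11) holds an allow ACE with write-type rights. The function name `Find-AuthUsersWritable` is hypothetical, and the default path is the one named in the description.

```powershell
# Added example (not from the advisory): audit for recommendation 1.
# Find-AuthUsersWritable is a hypothetical helper name.
function Find-AuthUsersWritable {
    param(
        [string]$Root = 'C:\Python311'   # folder named in the advisory
    )

    $authUsersSid = 'S-1-5-11'           # well-known SID: Authenticated Users
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Specific rights that allow changing or replacing content. Read and
    # execute bits are left out so read-only ACEs do not match.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights](
        'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
        'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if ($null -eq $acl) { continue }   # descriptor not readable; skip

        # Ask for SIDs instead of names so the match is locale-independent.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.IdentityReference.Value -ne $authUsersSid) { continue }
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, which are checked in turn.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Find-AuthUsersWritable)
$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
'{0} object(s) writable by Authenticated Users' -f $findings.Count
```

An empty result only means no allow ACE for that SID grants write-type rights; write access granted through other groups, such as Users, needs the same check with the corresponding SID.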


Technical Details

Data Version: 5.1

Assigner Short Name: mitre

Date Reserved: 2022-11-14T00:00:00.000Z

CISA Enriched: true

Threat ID: 682d983fc4522896dcbf04d9

Added to database: 5/21/2025, 9:09:19 AM

Last enriched: 6/24/2025, 12:13:55 PM

Last updated: 8/4/2025, 2:43:58 AM
