CVE-2022-45306: n/a in n/a
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
AI Analysis
Technical Summary
CVE-2022-45306 is a medium-severity vulnerability related to insecure permissions in the Chocolatey Azure-Pipelines-Agent package version 2.211.1 and earlier. The issue is that the subfolder C:\agent and all files within it grant write access to every member of the Authenticated Users group on Windows systems, which corresponds to CWE-732 (Incorrect Permission Assignment for Critical Resource). Any authenticated user on the affected system can therefore modify files in the agent directory and change how the agent operates. Because the Azure Pipelines Agent executes CI/CD pipelines, an attacker with write access could tamper with build or deployment scripts, inject malicious code, or disrupt pipeline execution. The CVSS 3.1 base score is 4.3 (medium); the vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or availability impact (C:N, A:N), and low integrity impact (I:L). No exploits are known in the wild, and no patches are linked in the provided data. The root cause is improper permission settings rather than a code defect, so remediation means correcting access controls on the affected directory and files. The issue affects Windows environments where the Chocolatey Azure-Pipelines-Agent package is installed, which is common in organizations that use Azure DevOps for CI/CD workflows.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized modification of CI/CD pipeline agents, potentially allowing malicious actors with authenticated access to alter build or deployment processes. This could result in the injection of malicious code into software releases, undermining software integrity and trust. Although the vulnerability does not directly impact confidentiality or availability, the integrity compromise can have downstream effects including supply chain attacks, deployment of backdoored software, or disruption of development workflows. Organizations relying heavily on Azure DevOps and Chocolatey for automated deployments are at higher risk. The impact is particularly significant for sectors with stringent software integrity requirements such as finance, healthcare, and critical infrastructure. Additionally, since the vulnerability requires authenticated access, insider threats or compromised user accounts could exploit this weakness. The lack of known exploits suggests limited active exploitation, but the potential for misuse remains, especially in environments with lax internal access controls.
Mitigation Recommendations
Immediately review and correct NTFS permissions on the C:\agent directory and all its contents to restrict write access only to necessary service accounts or administrators, removing write privileges from the Authenticated Users group. Implement the principle of least privilege for all users and service accounts interacting with the Azure Pipelines Agent. Regularly audit permissions on critical directories related to build and deployment agents to detect and remediate improper access rights. Monitor file integrity within the agent directory using file integrity monitoring tools to detect unauthorized changes. Restrict network access to build agents to trusted users and systems to reduce the risk of unauthorized authenticated access. Ensure that all users with access to build agents follow strong authentication practices, including multi-factor authentication where possible. Keep the Azure Pipelines Agent and related tooling up to date with the latest versions and security patches once available. Establish internal policies and training to raise awareness about the risks of improper permissions and insider threats in CI/CD environments.
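The first two recommendations above, the permission review and the removal of the Authenticated Users write grant, as an added PowerShell example that is not part of the advisory or of the Chocolatey package. It assumes the default install path C:\agent and an elevated session; the Authenticated Users group is matched by its well-known SID S-1-5-11 rather than by a localized name.

```powershell
# Added example (not the advisory's or Chocolatey's code): audit the agent folder for ACEs that let
# Authenticated Users (well-known SID S-1-5-11) write, and strip them with -Remediate. Run elevated.
param(
    [string]$Path = 'C:\agent',   # assumed default install path of the package
    [switch]$Remediate
)
$authUsers = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'
# Any of these rights lets the principal create, alter or delete files, or rewrite the ACL itself.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$isAuthUsersWrite = {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $authUsers -and
    (($_.FileSystemRights -band $writeMask) -ne 0)
}

function Get-Findings([string]$Root) {
    $items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) {
        foreach ($ace in @((Get-Acl -LiteralPath $item.FullName).Access | Where-Object $isAuthUsersWrite)) {
            [pscustomobject]@{ Path = $item.FullName; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

function Remove-AuthUsersWrite([string]$Item, [bool]$BreakInheritance) {
    if ($BreakInheritance) {
        # Convert inherited ACEs into explicit copies and persist that before editing them.
        $acl = Get-Acl -LiteralPath $Item
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $Item -AclObject $acl
    }
    $acl = Get-Acl -LiteralPath $Item
    foreach ($ace in @($acl.Access | Where-Object $isAuthUsersWrite | Where-Object { -not $_.IsInherited })) { [void]$acl.RemoveAccessRule($ace) }
    Set-Acl -LiteralPath $Item -AclObject $acl
}

$root = (Get-Item -LiteralPath $Path).FullName
$findings = @(Get-Findings $root)
if ($findings.Count -eq 0) { Write-Output "OK: no Authenticated Users write access under $root"; return }
$findings | Format-Table -AutoSize
if ($Remediate) {
    # Fix the root first; inheritance propagation then clears the inherited copies on children.
    Remove-AuthUsersWrite -Item $root -BreakInheritance $true
    foreach ($f in $findings | Where-Object { -not $_.Inherited -and $_.Path -ne $root }) {
        Remove-AuthUsersWrite -Item $f.Path -BreakInheritance $false
    }
    Write-Output "Remaining findings: $(@(Get-Findings $root).Count)"
}
```

The script only removes the Authenticated Users entries, so a service account that was relying on that group for access needs an explicit grant afterwards; ACEs carrying raw generic rights (shown as a bare number in the Rights column) are not matched by the mask and should be reviewed by hand.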
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-14T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d983fc4522896dcbf045f
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 6/24/2025, 12:41:32 PM
Last updated: 8/15/2025, 6:38:08 PM