CVE-2022-45307

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

Related Vulnerabilities

CVE-2016-11065

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

CWE-7322016

CVE-2016-11080

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

CWE-7322016

CVE-2017-18870

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CWE-7322017

CVE-2017-18872

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CWE-7322017

CVE-2017-18878

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

CWE-7322017

CVE-2017-18910

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CWE-7322017