Cryptomator
CVE-2023-39520
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the -NoProfile parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a -NoProfile to the powershell is a possible workaround.
AnalysisAI
Cryptomator encrypts data being stored on cloud infrastructure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the -NoProfile parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a -NoProfile to the powershell is a possible workaround. Affected products include: Cryptomator. Version information: version 1.9.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Cryptomator
View allCryptomator is data encryption software for users who store their files in the cloud. Rated high severity (CVSS 7.8), th
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has t
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator m
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today