CVE-2023-39520 MEDIUM

CVE-2023-39520: Cryptomator vulnerable to Local Elevation of Privileges

Vendor Cryptomator
Product cryptomator
Weakness CWE-269
Published August 7, 2023
Last update October 3, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

Description

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low-privileged users via the `repair` function. The problem occurs because the repair function of the MSI spawns a PowerShell process as SYSTEM without the `-NoProfile` parameter, so the PowerShell profile of the user who started the repair is loaded and executed in that SYSTEM context. Version 1.9.3 contains a fix for this issue. Adding `-NoProfile` to the PowerShell invocation is a possible workaround.

Key dates

Disclosure timeline

August 7, 2023 CVE published
October 3, 2024 Record updated
