Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.
History

Thu, 03 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-25T20:11:50.843Z

Updated: 2024-10-03T18:51:28.195Z

Reserved: 2023-07-10T17:51:29.611Z

Link: CVE-2023-37907

cve-icon Vulnrichment

Updated: 2024-08-02T17:23:27.669Z

cve-icon NVD

Status : Modified

Published: 2023-07-25T21:15:10.647

Modified: 2024-11-21T08:12:26.597

Link: CVE-2023-37907

cve-icon Redhat

No data.