CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low-privileged users via the `repair` function. The problem occurs because the repair function of the MSI spawns a SYSTEM PowerShell without the `-NoProfile` parameter, so the profile of the user who starts the repair is loaded. Version 1.9.3 contains a fix for this issue.

• https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b
• https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi
• https://github.com/cryptomator/cryptomator/releases/tag/1.9.3
• https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3
• CWE-269: Improper Privilege Management

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low-privileged users if Cryptomator is already installed. The problem occurs because the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.

• https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c
• https://github.com/cryptomator/cryptomator/releases/tag/1.9.2
• https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq
• CWE-269: Improper Privilege Management

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.

• https://cryptomator.org
• https://medium.com/%40tehwinsam/cryptomator-1-6-5-dylib-injection-8004a1e90b26
• CWE-426: Untrusted Search Path