HIGH🇬🇧 English

CVE-2023-37907

CVSS 7.0v3.1pub. 2023-07-25upd. 2024-11-21

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cryptomator

    APP
    Cryptomator
    < 1.9.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2026-32309HIGH8.7ten sam produkt

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock ...

CVE-2026-32318HIGH7.6ten sam produkt

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to ...

CVE-2026-32317HIGH7.6ten sam produkt

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior...

CVE-2026-32303HIGH7.6ten sam produkt

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vu...

CVE-2022-25366HIGH7.8ten sam produkt

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime...