CVE-2023-39520
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-39520
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39520.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-39520
- Aliases
-
- GHSA-62gx-54j7-mjh3
- Published
- 2023-08-07T19:35:45Z
- Modified
- 2025-10-22T18:39:02.002077Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Cryptomator vulnerable to Local Elevation of Privileges
- Details
-
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the
repairfunction. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the-NoProfileparameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a-NoProfileto the powershell is a possible workaround. - Database specific
{ "cwe_ids": [ "CWE-269" ] }- References
-
- https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3
- https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b
- https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi
- https://github.com/cryptomator/cryptomator/releases/tag/1.9.3
Affected packages
Git / github.com/cryptomator/cryptomator
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cryptomator/cryptomator
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.10.0
0.10.1
0.11.0
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.9.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.3b
1.0.3c
1.0.3d
1.0.4
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.0-rc1
1.3.0-rc2
1.3.0-rc3
1.3.0-rc4
1.3.0-rc5
1.3.0-rc6
1.3.0-rc7
1.3.0-rc8
1.3.0-rc9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.0-beta1
1.4.0-beta2
1.4.0-beta3
1.4.0-rc1
1.4.1
1.4.10
1.4.10-rc1
1.4.11
1.4.11-rc1
1.4.11-rc2
1.4.12
1.4.12-rc1
1.4.12-rc2
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.2
1.4.3
1.4.4
1.4.5
1.4.5-beta1
1.4.6
1.4.6-beta1
1.4.7
1.4.8
1.4.9
1.5.0
1.5.0-alpha1
1.5.0-alpha2
1.5.0-beta1
1.5.0-beta2
1.5.0-beta3
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.1
1.5.10
1.5.11
1.5.12
1.5.12-beta1
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.9-beta1
1.5.9-beta2
1.6.0
1.6.0-alpha1
1.6.0-alpha2
1.6.0-beta1
1.6.0-beta2
1.6.0-beta3
1.6.0-beta4
1.6.0-rc1
1.6.0-rc2
1.6.0-rc3
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.0-alpha1
1.7.0-alpha2
1.7.0-beta1
1.7.0-beta2
1.7.0-beta3
1.7.0-rc1
1.7.0-rc2
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.8.0
1.9.0
1.9.0-beta1
1.9.1
1.9.2
Other
continuous
nightly