CVE-2023-39520

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39520
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39520.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39520
Related
  • GHSA-62gx-54j7-mjh3
Published
2023-08-07T20:15:09Z
Modified
2025-01-15T04:56:34.704263Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the -NoProfile parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a -NoProfile to the powershell is a possible workaround.

References

Affected packages

Git / github.com/cryptomator/cryptomator

Affected ranges

Type
GIT
Repo
https://github.com/cryptomator/cryptomator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.1.0
0.10.0
0.10.1
0.11.0
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.9.0

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.3b
1.0.3c
1.0.3d
1.0.4
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.0-rc1
1.3.0-rc2
1.3.0-rc3
1.3.0-rc4
1.3.0-rc5
1.3.0-rc6
1.3.0-rc7
1.3.0-rc8
1.3.0-rc9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.0-beta1
1.4.0-beta2
1.4.0-beta3
1.4.0-rc1
1.4.1
1.4.10
1.4.10-rc1
1.4.11
1.4.11-rc1
1.4.11-rc2
1.4.12
1.4.12-rc1
1.4.12-rc2
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.2
1.4.3
1.4.4
1.4.5
1.4.5-beta1
1.4.6
1.4.6-beta1
1.4.7
1.4.8
1.4.9
1.5.0
1.5.0-alpha1
1.5.0-alpha2
1.5.0-beta1
1.5.0-beta2
1.5.0-beta3
1.5.0-rc1
1.5.0-rc2
1.5.0-rc3
1.5.1
1.5.10
1.5.11
1.5.12
1.5.12-beta1
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.9-beta1
1.5.9-beta2
1.6.0
1.6.0-alpha1
1.6.0-alpha2
1.6.0-beta1
1.6.0-beta2
1.6.0-beta3
1.6.0-beta4
1.6.0-rc1
1.6.0-rc2
1.6.0-rc3
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.0-alpha1
1.7.0-alpha2
1.7.0-beta1
1.7.0-beta2
1.7.0-beta3
1.7.0-rc1
1.7.0-rc2
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.8.0
1.9.0
1.9.0-beta1
1.9.1
1.9.2

Other

continuous
nightly