CVE-2023-37907

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c	Patch
https://github.com/cryptomator/cryptomator/releases/tag/1.9.2	Release Notes
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq	Exploit Issue Tracking Vendor Advisory
https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c	Patch
https://github.com/cryptomator/cryptomator/releases/tag/1.9.2	Release Notes
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-25 21:15

Updated : 2024-11-21 08:12

NVD link : CVE-2023-37907

Mitre link : CVE-2023-37907

CVE.ORG link : CVE-2023-37907

JSON object : View

Products Affected

cryptomator

cryptomator

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-37907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-07-25T21:15:10.647", "references": [{"url": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.2", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9c9p-c3mg-hpjq", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue."}], "lastModified": "2024-11-21T08:12:26.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6EF2069-0E55-490C-B06D-DB5B9BC584D2", "versionEndExcluding": "1.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}