Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the -NoProfile parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a -NoProfile to the powershell is a possible workaround.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cryptomator | Cryptomator | * | 1.9.3 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b
- https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi
- https://github.com/cryptomator/cryptomator/releases/tag/1.9.3
- https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3
- https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b
- https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi
- https://github.com/cryptomator/cryptomator/releases/tag/1.9.3
- https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3