← Back to CVE List

CVE-2023-39520

Published: 2023-08-07T20:15Z
Last Modified: 2025-04-10T20:53Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt