CVE-2023-39520 - OpenCVE

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Cryptomator	Cryptomator

Configuration 1 [-]

cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b
https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi
https://github.com/cryptomator/cryptomator/releases/tag/1.9.3
https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3

History

Thu, 03 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-07T19:35:45.782Z

Updated: 2024-10-03T18:05:22.270Z

Reserved: 2023-08-03T16:27:36.262Z

Link: CVE-2023-39520

Vulnrichment

Updated: 2024-08-02T18:10:21.099Z

NVD

Status : Analyzed

Published: 2023-08-07T20:15:09.987

Modified: 2023-08-11T18:10:39.823

Link: CVE-2023-39520

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39520", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-03T16:27:36.262Z", "datePublished": "2023-08-07T19:35:45.782Z", "dateUpdated": "2024-10-03T18:05:22.270Z"}, "containers": {"cna": {"title": "Cryptomator vulnerable to Local Elevation of Privileges", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3"}, {"name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "tags": ["x_refsource_MISC"], "url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b"}, {"name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "tags": ["x_refsource_MISC"], "url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi"}, {"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3"}], "affected": [{"vendor": "cryptomator", "product": "cryptomator", "versions": [{"version": "<= 1.9.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-07T19:35:45.782Z"}, "descriptions": [{"lang": "en", "value": "Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround."}], "source": {"advisory": "GHSA-62gx-54j7-mjh3", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:21.099Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3"}, {"name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b"}, {"name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi"}, {"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3"}]}, {"affected": [{"vendor": "cryptomator", "product": "cryptomator", "cpes": ["cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.9.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T18:04:44.840863Z", "id": "CVE-2023-39520", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T18:05:22.270Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:21.099Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39520", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-03T18:04:44.840863Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*"], "vendor": "cryptomator", "product": "cryptomator", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.9.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T18:05:17.145Z"}}], "cna": {"title": "Cryptomator vulnerable to Local Elevation of Privileges", "source": {"advisory": "GHSA-62gx-54j7-mjh3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "cryptomator", "product": "cryptomator", "versions": [{"status": "affected", "version": "<= 1.9.2"}]}], "references": [{"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "name": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "name": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "name": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-07T19:35:45.782Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39520", "state": "PUBLISHED", "dateUpdated": "2024-10-03T18:05:22.270Z", "dateReserved": "2023-08-03T16:27:36.262Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-08-07T19:35:45.782Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cryptomator:cryptomator:*:*:*:*:*:*:*:*", "matchCriteriaId": "70F961A7-CA2E-475A-B2C2-BCB3820F9CDD", "versionEndExcluding": "1.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround."}], "id": "CVE-2023-39520", "lastModified": "2023-08-11T18:10:39.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-08-07T20:15:09.987", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/cryptomator/cryptomator/commit/727c32ad50c3901a6144a11cf984a3b7ebcf8b2b"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/cryptomator/cryptomator/releases/download/1.9.2/Cryptomator-1.9.2-x64.msi"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/cryptomator/cryptomator/releases/tag/1.9.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-62gx-54j7-mjh3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Primary"}]}