Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cryptomator's MSI installer allows local privilege escalation
Vulnerability Description
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Cryptomator 安全漏洞
Vulnerability Description
Cryptomator是Cryptomator社区的一个简单的数字自卫工具。用于保护数据。 Cryptomator 1.9.2之前版本存在安全漏洞,该漏洞源于主页上提供的MSI安装程序允许低权限用户进行本地权限升级。
CVSS Information
N/A
Vulnerability Type
N/A