Infe0

**Name of the Vulnerable Software and Affected Versions** Cryptomator versions prior to 1.19.0 **Description** Cryptomator encrypts data stored on cloud infrastructure. Before version 1.19.0, in non-debug mode, Cryptomator could log cleartext file paths. This could reveal metadata about files within a vault when the vault is closed. Cleartext paths are only logged if a filesystem request fails, such as when an encrypted file is damaged or does not exist. **Recommendations** Update to version 1.19.0 or later.