Pfiatde

**Name of the Vulnerable Software and Affected Versions** Cryptomator version 1.9.2 **Description** Cryptomator encrypts data being stored on cloud infrastructure. The issue allows local privilege escalation for low privileged users via the `repair` function. This occurs because the repair function of the MSI installer spawns a SYSTEM Powershell without the `-NoProfile` parameter, loading the profile of the user starting the repair. **Recommendations** For Cryptomator version 1.9.2, update to version 1.9.3 to resolve the issue. As a temporary workaround, consider adding a `-NoProfile` parameter to the Powershell command to prevent the user's profile from being loaded during the repair process.

**Name of the Vulnerable Software and Affected Versions** Cryptomator versions prior to 1.9.2 **Description** The issue affects data encryption software for cloud storage, allowing local privilege escalation for low-privileged users if the software is already installed. This occurs because the repair function of the MSI installer spawns administrative CMDs, making a simple breakout possible. **Recommendations** For versions prior to 1.9.2, update to version 1.9.2 to resolve the issue. As a temporary workaround, consider restricting the use of the repair function in the MSI installer until the update is applied.