PT-2023-26176 · Unknown · Cryptomator

Pfiatde · Published 2023-07-25 · Updated 2023-08-03 · CVE-2023-37907

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Cryptomator versions prior to 1.9.2

Description
The issue affects Cryptomator, data encryption software for cloud storage, and allows local privilege escalation by low-privileged users if the software is already installed. The repair function of the MSI installer spawns CMDs with administrative privileges, making a simple breakout possible.

Recommendations
For versions prior to 1.9.2, update to version 1.9.2 to resolve the issue. As a temporary workaround, consider restricting use of the MSI installer's repair function until the update is applied.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related identifiers

CVE-2023-37907
GHSA-9C9P-C3MG-HPJQ

Affected products

Cryptomator