CVE-2023-37907: 
NixOS vulnerability analysis and mitigation

Cryptomator, a data encryption software for cloud storage users, was found to contain a local privilege escalation vulnerability (CVE-2023-37907) in versions prior to 1.9.2. The vulnerability exists in the MSI installer provided on the homepage, which allows low-privileged users to escalate their privileges if the software is already installed (GitHub Advisory).

The vulnerability occurs in the repair function of the MSI installer, which spawns two administrative command prompt windows (CMD) with SYSTEM privileges. When the repair function is triggered via 'msiexec.exe /fa', these command windows become accessible to low-privileged users, allowing for privilege escalation through a simple breakout mechanism (GitHub Advisory, NVD). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows local attackers with low privileges to gain SYSTEM-level access on affected systems. This is particularly concerning in enterprise environments where the MSI installer might be cached through software deployment tools like SCCM, leaving systems vulnerable even after installation (GitHub Advisory).

The vulnerability has been fixed in Cryptomator version 1.9.2. Users are strongly advised to upgrade to this version or later. The fix addresses the underlying issue in the MSI installer that allowed the privilege escalation (GitHub Release).