Cryptomator Arbitrary File Access Vulnerability via Unverified Masterkeyfile Key IDs

Vulnerability

A vulnerability in Cryptomator versions from 1.6.0 up to (but not including) 1.19.1 allows arbitrary file access through unverified masterkeyfile key IDs in the vault configuration. The issue arises because the application parses the vault configuration before verifying its integrity. The masterkeyfile loader then uses the unverified key ID as a filesystem path, resolving it directly against the vault path and immediately checking whether the file exists. This behavior can be exploited by supplying parent-directory escapes, absolute local paths, or UNC paths in the key ID to probe unauthorized files or, on Windows, to trigger outbound SMB connections. The vulnerability has been patched in version 1.19.1.

Impact

Exploitation of this vulnerability can lead to unauthorized access of local files outside the vault root, or to outbound network access to attacker-controlled UNC paths on Windows, potentially leaking NTLM authentication material or exposing hostnames and user context to the attacker.

Reproduction

To reproduce this vulnerability, create or modify a vault configuration to include a masterkeyfile URI that points to an external path, such as a UNC path on Windows. Add the vault to Cryptomator and initiate the unlock process. Before entering a passphrase, observe that Cryptomator resolves the external path and checks its existence, which can trigger an outbound SMB connection to the attacker-controlled share.
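The following is an added illustrative model, not Cryptomator's own code, covering the loader behaviour described under Vulnerability and the config check implied under Reproduction. It contrasts an unchecked resolver (key ID from an unverified config joined straight onto the vault path) with a hardened loader that verifies the configuration's integrity before any of its contents is interpreted and then confines the key ID to a single plain file name inside the vault. Everything here is constructed for the example: the config layout (`<json body>\n<hex HMAC-SHA256 tag>`), the MAC key, the verdict strings and all function names. Only the `masterkeyfile:` prefix echoes the key ID convention the advisory refers to; the real vault format is not modelled.

```python
"""Added example: a model of unchecked vs. hardened masterkeyfile key ID handling.
Not Cryptomator's code; config format, MAC key and function names are constructed."""
import hashlib
import hmac
import json
import ntpath
import posixpath
import re
from pathlib import PurePosixPath, PureWindowsPath

SCHEME = "masterkeyfile:"
_SEPARATORS = re.compile(r"[\\/]")


def classify_key_id(key_id: str) -> str:
    """Return 'ok' for a plain file name, otherwise the reason for rejection.
    Both Windows and POSIX conventions are checked because a vault config
    written on one platform may be opened on the other."""
    if not key_id.startswith(SCHEME):
        return "wrong-scheme"
    name = key_id[len(SCHEME):]
    if name.startswith(("\\\\", "//")):          # \\host\share\... or //host/share/...
        return "unc"
    win = PureWindowsPath(name)
    if win.drive or win.root or PurePosixPath(name).is_absolute():
        return "absolute"                       # C:\..., \..., or /...
    parts = _SEPARATORS.split(name)
    if ".." in parts:
        return "parent-escape"
    if len(parts) != 1 or parts[0] in ("", "."):
        return "not-a-plain-name"
    return "ok"


def resolve_masterkey_unchecked(vault_dir: str, key_id: str, windows: bool = False) -> str:
    """The pattern the advisory describes: the key ID's path part is joined to the
    vault directory with no validation. With path-join semantics an absolute part
    (or, on Windows, a drive or UNC prefix) simply replaces the vault directory."""
    joiner = ntpath.join if windows else posixpath.join
    return joiner(vault_dir, key_id[len(SCHEME):])


def resolve_masterkey(vault_dir: str, key_id: str, windows: bool = False) -> str:
    """Hardened resolution: only a single file name directly under the vault is allowed."""
    verdict = classify_key_id(key_id)
    if verdict != "ok":
        raise ValueError(f"rejected keyId ({verdict}): {key_id!r}")
    joiner = ntpath.join if windows else posixpath.join
    return joiner(vault_dir, key_id[len(SCHEME):])


def make_config(body: dict, mac_key: bytes) -> bytes:
    """Constructed config format: canonical JSON, newline, hex HMAC-SHA256 tag."""
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(mac_key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"\n" + tag


def load_vault_config(raw: bytes, mac_key: bytes) -> dict:
    """Verify integrity over the raw bytes BEFORE parsing, so an unverified keyId
    is never decoded, let alone used as a path."""
    payload, _, tag = raw.rpartition(b"\n")
    expected = hmac.new(mac_key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("vault config failed integrity check; not parsed")
    return json.loads(payload)


def masterkey_path_for(vault_dir: str, raw_config: bytes, mac_key: bytes) -> str:
    """Full hardened flow: authenticate the config first, then confine the key ID."""
    return resolve_masterkey(vault_dir, load_vault_config(raw_config, mac_key)["keyId"])


# Constructed sample: a demo MAC key and a config carrying a plain key ID.
SAMPLE_MAC_KEY = b"constructed-demo-mac-key"
SAMPLE_CONFIG = make_config({"version": 1, "keyId": SCHEME + "masterkey.cryptomator"},
                            SAMPLE_MAC_KEY)


if __name__ == "__main__":
    for kid in (SCHEME + "masterkey.cryptomator", SCHEME + "../../outside.key",
                SCHEME + "/tmp/outside.key", SCHEME + "\\\\attacker.example\\share\\k"):
        print(f"{kid!r:50} unchecked -> {resolve_masterkey_unchecked('/vault', kid)!r:32} "
              f"verdict={classify_key_id(kid)}")
    print("verified config ->", masterkey_path_for("/vault", SAMPLE_CONFIG, SAMPLE_MAC_KEY))
```

The ordering in `masterkey_path_for` is the point: a tampered configuration is rejected by the MAC check before its `keyId` is ever read, and even an authenticated `keyId` is refused unless it names a single file inside the vault, so none of the three escape classes the advisory lists (parent-directory, absolute, UNC) reaches the filesystem or the network.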

Remediation

Users should update to Cryptomator version 1.19.1 or later, where this vulnerability has been fixed.

Added: Mar 20, 2026, 7:29 PM
Updated: Mar 20, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

  spread          6.6
  impact          0.2
  exploitability  4.2
  remediation     7.7
  relevance       4.2
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.