Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: cryptomator-cli

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-29110
2.2 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 month, 3 weeks ago by @mweinelt Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @mweinelt accepted 1 month, 3 weeks ago
  • @mweinelt published on GitHub 1 month, 3 weeks ago
Cryptomator: Leaking of cleartext paths into log file in non-debug mode

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file, not existing file), a log message is created. This issue has been patched in version 1.19.0.

Affected products

cryptomator
  • ==< 1.19.0

Matching in nixpkgs

pkgs.cryptomator-cli

Command line program to access encrypted Cryptomator vaults

Package maintainers