PT-2018-5250 · Nylas · Nylas Mail
L2Dyo
·
Published
2018-01-03
·
Updated
2019-10-03
·
CVE-2017-1000485
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nylas Mail Lives version 2.2.2
Description
The issue allows local users to obtain sensitive authentication information via standard filesystem operations due to the use of 0755 permissions for $HOME/.nylas-mail.
Recommendations
For version 2.2.2, consider changing the permissions of $HOME/.nylas-mail to a more restrictive setting to prevent unauthorized access to sensitive authentication information.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nylas Mail