CVE-2017-1000485

2022-10-0316:23:10

mitre

www.cve.org

nylas mail

permissions

vulnerability

filesystem operations

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.

References

github.com/nylas-mail-lives/nylas-mail/issues/181