Insecure Permissions in Nylas Mail Lives 2.2.2 Expose Sensitive Authentication Information

CVE-2017-1000485 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.

Learn more about our User Device Pen Test.