BasiliX Webmail Mail Attachment Disclosure Vulnerability

BasiliX Webmail Mail Attachment Disclosure Vulnerability

Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.

It is possible for local users to view files that have been attached to outgoing mail messages by users of the webmail system. This issue is due to a flaw in permissions on the /tmp/BasiliX directory.

Revealing user files could disclose potentially sensitive information.