Silent Failure in Metadata Anonymisation Toolkit (MAT) Allows Information Disclosure

CVE-2017-9149 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.

Learn more about our Web Application Penetration Testing UK.