Silent Failure in Metadata Anonymisation Toolkit (MAT) Allows Information Disclosure
CVE-2017-9149 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
Learn more about our Web Application Penetration Testing UK.