Vulnerability Details CVE-2017-9149
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
- https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
- https://0xacab.org/mat/mat/issues/11527
- https://bugs.debian.org/858058
- https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
- https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
- https://0xacab.org/mat/mat/issues/11527
- https://bugs.debian.org/858058
Products affected by CVE-2017-9149
-
cpe:2.3:a:metadata_anonymisation_toolkit_project:metadata_anonymisation_toolkit:0.6
-
cpe:2.3:a:metadata_anonymisation_toolkit_project:metadata_anonymisation_toolkit:0.6.1