Vulnerability Description
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Metadata Anonymisation Toolkit Project | Metadata Anonymisation Toolkit | 0.6 |
Related Weaknesses (CWE)
References
- https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a (Patch)
- https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9 (Patch)
- https://0xacab.org/mat/mat/issues/11527 (Issue Tracking)
- https://bugs.debian.org/858058 (Mailing List)
FAQ
What is CVE-2017-9149?
CVE-2017-9149 is a vulnerability with a CVSS score of 7.5 (HIGH). Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obt...
How severe is CVE-2017-9149?
CVE-2017-9149 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-9149?
Check the references section above for vendor advisories and patch information. Affected products include: Metadata Anonymisation Toolkit (vendor: Metadata Anonymisation Toolkit Project).