CVE-2017-9149 Information

Description

Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
https://0xacab.org/mat/mat/issues/11527
https://bugs.debian.org/858058

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
