Vulnerability Details : CVE-2017-9149
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
Vulnerability category: Information leak
Products affected by CVE-2017-9149
- cpe:2.3:a:metadata_anonymisation_toolkit_project:metadata_anonymisation_toolkit:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:metadata_anonymisation_toolkit_project:metadata_anonymisation_toolkit:0.6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9149
- 0.21%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9149
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-9149
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9149
- https://bugs.debian.org/858058
  #858058 - mat: CVE-2017-9149: "Clean metadata" contextual menu silently fails - Debian Bug report logs [Mailing List]
- https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
  Make the Nautilus extension work again. (94ca62a4) · Commits · mat / mat · GitLab [Patch]
- https://0xacab.org/mat/mat/issues/11527
  Nautilus extension silently broken in 0.6 and 0.6.1 (#11527) · Issues · mat / mat · GitLab [Issue Tracking]
- https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
  Revert "Improves a bit portability" (8f6303a1) · Commits · mat / mat · GitLab [Patch]