Remove metadata when sharing files
Summary
The organization must remove metadata from files before sharing them or making them public.
Description
File metadata includes data such as the user's name, document properties, editing history, and comments. This metadata can inadvertently reveal sensitive details about the document and its editors.
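A pre-publication check for the metadata types listed above, shown for Word .docx packages, as an added example (not code from this page or from Fluid Attacks). It goes beyond the text by picking one file format; the function names and the constructed sample package are assumptions, and the scrub step only blanks the author fields in docProps/core.xml.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard OOXML / Dublin Core namespaces used by docProps/core.xml and word/*.xml.
OOXML = "http://schemas.openxmlformats.org/"
NS = {"cp": OOXML + "package/2006/metadata/core-properties", "w": OOXML + "wordprocessingml/2006/main",
      "dc": "http://purl.org/dc/elements/1.1/", "dcterms": "http://purl.org/dc/terms/",
      "xsi": "http://www.w3.org/2001/XMLSchema-instance"}
for _prefix, _uri in NS.items():  # keep prefixes stable when core.xml is re-serialized
    ET.register_namespace(_prefix, _uri)
PERSON_TAGS = {"creator": f"{{{NS['dc']}}}creator", "lastModifiedBy": f"{{{NS['cp']}}}lastModifiedBy"}

def audit_docx(data: bytes) -> dict:
    """Report author names, comments and tracked changes still present in a .docx."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:  # parse only files your organization produced
        parts = {n: ET.fromstring(z.read(n)) for n in z.namelist() if n.endswith(".xml")}
    core = parts.get("docProps/core.xml", ET.Element("none"))
    found = {k: n.text.strip() for k, t in PERSON_TAGS.items()
             for n in core.iter(t) if (n.text or "").strip()}
    for kind, tags in (("comments", ("comment",)), ("tracked_changes", ("ins", "del"))):
        count = sum(len(list(p.iter(f"{{{NS['w']}}}{t}"))) for p in parts.values() for t in tags)
        if count:
            found[kind] = count
    return found

def scrub_core_properties(data: bytes) -> bytes:
    """Return a copy of the package with the person-naming core properties blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name == "docProps/core.xml":
                root = ET.fromstring(payload)
                for node in (n for t in PERSON_TAGS.values() for n in root.iter(t)):
                    node.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(name, payload)
    return out.getvalue()

def constructed_sample() -> bytes:
    """Constructed, minimal .docx-shaped package (not a complete Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}"><dc:creator>'
                   "Alice Example</dc:creator><cp:lastModifiedBy>Bob Example</cp:lastModifiedBy></cp:coreProperties>")
        z.writestr("word/comments.xml", f'<w:comments xmlns:w="{NS["w"]}"><w:comment w:id="0" w:author="Bob Example"/></w:comments>')
        z.writestr("word/document.xml", f'<w:document xmlns:w="{NS["w"]}"><w:body><w:p><w:ins w:id="1"/></w:p></w:body></w:document>')
    return buf.getvalue()
```

An empty result from `audit_docx` is the condition to gate sharing on; comments and tracked changes are only reported here and still have to be resolved in the editor before export.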
References
- CWE-1230. Exposure of sensitive information through metadata
- GDPR-25_1. Data protection by design and by default
- GDPR-R51. Protecting sensitive personal data
- OWASP10-A2. Cryptographic failures
- OWASP10-A3. Injection
- CMMC-AC_L1-3_1_22. Control public information
- HITRUST-09_z. Publicly available information
- FEDRAMP-AC-22. Publicly accessible content
- LGPD-7_X-3. Requirements for the Processing of Personal Data
- PTES-3_4_1_4_1. Corporate - Electronic (document metadata)
- PTES-3_4_1_5_7. Corporate - Infrastructure assets (application usage)
- PTES-5_3_1. Vulnerability analysis - Metadata
- SIGLITE-SL_79. Is a web site supported, hosted or maintained that has access to scoped systems and data?
Weaknesses
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan