119 – Metadata with sensitive information

Description

The system exposes sensitive information through public metadata files.

Impact

- Obtain sensitive information. - Obtain information that can be used to compromise other systems.

Recommendation

Delete files metadata before sharing or publishing them.

Threat

Attacker with access to the repository from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 045 - Remove metadata when sharing files

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Python
• Ruby
• Swift
• Typescript

Last updated

2024/02/13