Metadata with sensitive information
Description
The system exposes sensitive information through public metadata files.
Impact
- Obtain sensitive information. - Obtain information that can be used to compromise other systems.
Recommendation
Delete files metadata before sharing or publishing them.
Threat
Attacker with access to the repository from the Internet.
Expected Remediation Time
⏱️ 15 minutes.
Requirements
045 - Remove metadata when sharing filesScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
U
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U