Remove metadata when sharing files
Summary​
The organization must remove file metadata before sharing it or making it public.
Description​
Metadata includes different data such as the user's name, document properties, editing history, and comments. This metadata can inadvertently reveal sensitive details about the document and its editors.
Supported In​
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References​
- CWEâ„¢-1230. Exposure of sensitive information through metadata
- GDPR-25_1. Data protection by design and by default
- GDPR-R51. Protecting sensitive personal data
- OWASP TOP 10-A2. Cryptographic failures
- OWASP TOP 10-A3. Injection
- CMMC-AC_L1-3_1_22. Control public information
- HITRUST CSF-09_z. Publicly available information
- FedRAMP-AC-22. Publicly accessible content
- LGPD-7_X-3. Requirements for the Processing of Personal Data
- PTES-3_4_1_4_1. Corporate - Electronic (document metadata)
- PTES-3_4_1_5_7. Corporate - Infrastructure assets (application usage)
- PTES-5_3_1. Vulnerability analysis - Metadata
- SIG Lite-SL_79. Is a web site supported, hosted or maintained that has access to scoped systems and data?
Vulnerabilities​
free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.