https://demo-publify.herokuapp.com/admin/resources
as a low privileged user
the meta data of the image like geolocation, device information, version, name
etc is not getting stripped, as a result the attacker can collect all the meta data information of the image by using tools like exif tool, metadata checker etc which is publicly available.https://demo-publify.herokuapp.com/admin/resources
original size
or open the image in new tabhttp://exif-viewer.com
and check the image metadata by pasting the copied link, al the sensitive informations got disclosed publicly