CVE-2015-1426 (facter): Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

ADVISORIES

CVE-2015-1426 (NVD)
GHSA-j436-h7hm-rx46
Vendor Advisory

GEM

facter

SEVERITY

CVSS v3.x: 1.3 (Low)

CVSS v2.0: 2.1 (Low)

UNAFFECTED VERSIONS

< 1.6.0

PATCHED VERSIONS

>= 2.4.1

DESCRIPTION

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

https://nvd.nist.gov/vuln/detail/CVE-2015-1426
https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
https://sca.analysiscenter.veracode.com/vulnerability-database/security/disclosure-amazon-ec2-iam-instance/ruby/sid-1508/summary
https://srcclr.com/security/disclosure-amazon-ec2-iam-instance/ruby/s-1508
https://github.com/rubysec/ruby-advisory-db/issues/238
https://github.com/advisories/GHSA-j436-h7hm-rx46

RubySec

CVE-2015-1426 (facter): Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

ADVISORIES

GEM

SEVERITY

UNAFFECTED VERSIONS

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories