PT-2015-5279 · Puppet · Facter

Published

2015-02-23

Updated

2022-05-14

CVE-2015-1426

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Puppet Labs Facter versions 1.6.0 through 2.4.0

Description The issue allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Recommendations For versions 1.6.0 through 2.4.0, consider restricting access to sensitive Amazon EC2 IAM instance metadata to prevent unauthorized reading of facts for Amazon EC2 nodes.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-1426

GHSA-J436-H7HM-RX46

Affected Products

Facter

PT-2015-5279 · Puppet · Facter

CVE-2015-1426

Weakness Enumeration

Related Identifiers

Affected Products

References · 13