CVE-2015-1426Sensitive Information Exposure in Facter

CWE-200Sensitive Information Exposure10 documents7 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 81.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Puppet FacterPuppetlabs Facter
Timeline
PublishedFeb 23
Latest updateMay 14

Description

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

NVDpuppetlabs/facter25 versions+24
NVDpuppet/facter32 versions+31

🔴Vulnerability Details

4
GHSA
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata2022-05-14
OSV
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata2022-05-14
OSV
CVE-2015-1426: Puppet Labs Facter 12015-02-23
CVEList
CVE-2015-1426: Puppet Labs Facter 12015-02-23

📋Vendor Advisories

2
Red Hat
facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling2015-02-10
Debian
CVE-2015-1426: facter - Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive A...2015

💬Community

3
Bugzilla
CVE-2015-1426 facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling [fedora-all]2015-02-11
Bugzilla
CVE-2015-1426 facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling [epel-all]2015-02-11
Bugzilla
CVE-2015-1426 facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling2015-02-11
CVE-2015-1426 — Sensitive Information Exposure | cvebase