Puppetlabs Facter vulnerabilities
2 known vulnerabilities affecting puppetlabs/facter.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2015-1426LOWCVSS 2.1v1.6.1v1.6.2+23 more2015-02-23
CVE-2015-1426 [LOW] CWE-200 CVE-2015-1426: Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instan
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
nvd
CVE-2014-3248MEDIUMCVSS 6.2≥ 1.6.0, ≤ 1.6.182014-11-16
CVE-2014-3248 [MEDIUM] CWE-17 CVE-2014-3248: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated
nvd