/
CVE-2015-1426.yml
26 lines (26 loc) · 1.1 KB
/
CVE-2015-1426.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
---
gem: facter
cve: 2015-1426
ghsa: j436-h7hm-rx46
url: https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
title: Puppet Labs Facter allows local users to obtains sensitive Amazon
EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
date: 2015-02-10
description: |
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to
obtains sensitive Amazon EC2 IAM instance metadata by reading
a fact for an Amazon EC2 node.
cvss_v2: 2.1
cvss_v3: 1.3
unaffected_versions:
- "< 1.6.0"
patched_versions:
- ">= 2.4.1"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1426
- https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
- https://sca.analysiscenter.veracode.com/vulnerability-database/security/disclosure-amazon-ec2-iam-instance/ruby/sid-1508/summary
- https://srcclr.com/security/disclosure-amazon-ec2-iam-instance/ruby/s-1508
- https://github.com/rubysec/ruby-advisory-db/issues/238
- https://github.com/advisories/GHSA-j436-h7hm-rx46