CVE-2015-1426.yml

---
gem: facter
cve: 2015-1426
ghsa: j436-h7hm-rx46
url: https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
title: Puppet Labs Facter allows local users to obtains sensitive Amazon
  EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
date: 2015-02-10
description: |
  Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to
  obtains sensitive Amazon EC2 IAM instance metadata by reading
  a fact for an Amazon EC2 node.
cvss_v2: 2.1
cvss_v3: 1.3
unaffected_versions:
  - "< 1.6.0"
patched_versions:
  - ">= 2.4.1"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2015-1426
    - https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
    - https://sca.analysiscenter.veracode.com/vulnerability-database/security/disclosure-amazon-ec2-iam-instance/ruby/sid-1508/summary
    - https://srcclr.com/security/disclosure-amazon-ec2-iam-instance/ruby/s-1508
    - https://github.com/rubysec/ruby-advisory-db/issues/238
    - https://github.com/advisories/GHSA-j436-h7hm-rx46