CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://puppetlabs.com/security/cve/cve-2015-1426	Vendor Advisory
http://puppetlabs.com/security/cve/cve-2015-1426	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:puppet:facter:1.6.0:::::::*
	cpe:2.3:a:puppet:facter:1.6.1:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.1:rc2::::::
	cpe:2.3:a:puppet:facter:1.6.1:rc3::::::
	cpe:2.3:a:puppet:facter:1.6.1:rc4::::::
	cpe:2.3:a:puppet:facter:1.6.2:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.3:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.4:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.5:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.6:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.6:rc2::::::
	cpe:2.3:a:puppet:facter:1.6.7:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.8:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.9:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.10:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.11:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.12:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.12:rc2::::::
	cpe:2.3:a:puppet:facter:1.6.13:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.14:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.15:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.16:::::::*
	cpe:2.3:a:puppet:facter:1.6.17:rc1::::::
	cpe:2.3:a:puppet:facter:1.6.18:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.0:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.0:rc2::::::
	cpe:2.3:a:puppet:facter:1.7.1:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.2:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.3:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.4:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.5:rc1::::::
	cpe:2.3:a:puppet:facter:1.7.5:rc2::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc1::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc2::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc3::::::
	cpe:2.3:a:puppet:facter:2.0.0:rc4::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc1::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc2::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc3::::::
	cpe:2.3:a:puppet:facter:2.0.1:rc4::::::
	cpe:2.3:a:puppet:facter:2.0.2:::::::*
	cpe:2.3:a:puppet:facter:2.1.0:::::::*
	cpe:2.3:a:puppet:facter:2.2.0:::::::*
	cpe:2.3:a:puppet:facter:2.3.0:::::::*
	cpe:2.3:a:puppet:facter:2.4.0:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.1:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.2:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.3:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.4:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.5:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.6:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.7:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.8:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.9:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.10:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.11:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.12:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.13:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.14:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.15:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.17:::::::*
	cpe:2.3:a:puppetlabs:facter:1.6.18:::::::*
	cpe:2.3:a:puppetlabs:facter:1.7.0:::::::*
	cpe:2.3:a:puppetlabs:facter:1.7.1:::::::*
cpe:2.3:a:puppetlabs:facter:1.7.2:::::::*
cpe:2.3:a:puppetlabs:facter:1.7.3:::::::*
cpe:2.3:a:puppetlabs:facter:1.7.4:::::::*
cpe:2.3:a:puppetlabs:facter:1.7.5:::::::*
cpe:2.3:a:puppetlabs:facter:1.7.6:::::::*
cpe:2.3:a:puppetlabs:facter:2.0.1:::::::*

History

21 Nov 2024, 02:25

Type	Values Removed	Values Added
References	~~() http://puppetlabs.com/security/cve/cve-2015-1426 - Vendor Advisory~~	() http://puppetlabs.com/security/cve/cve-2015-1426 - Vendor Advisory

Information

Published : 2015-02-23 17:59

Updated : 2024-11-21 02:25

NVD link : CVE-2015-1426

Mitre link : CVE-2015-1426

CVE.ORG link : CVE-2015-1426

JSON object : View

Products Affected

puppetlabs

facter

puppet

facter

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

2.1 /10