CVE-2015-1426

Puppet Labs Facter <2.4.0 - Info Disclosure

Title source: llm

Description

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://puppetlabs.com/security/cve/cve-2015-1426

Scores

EPSS 0.0006

EPSS Percentile 18.4%

Details

CWE

CWE-200

Status published

Products (37)

puppet/facter 1.6.0

puppet/facter 1.6.1 rc1 (4 CPE variants)

puppet/facter 1.6.2 rc1

puppet/facter 1.6.3 rc1

puppet/facter 1.6.4 rc1

puppet/facter 1.6.5 rc1

puppet/facter 1.6.6 rc1 (2 CPE variants)

puppet/facter 1.6.7 rc1

puppet/facter 1.6.8 rc1

puppet/facter 1.6.9 rc1

... and 27 more

Published Feb 23, 2015

Tracked Since Feb 18, 2026