Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Permalink: https://github.com/advisories/GHSA-j436-h7hm-rx46
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 11 months ago
Identifiers: GHSA-j436-h7hm-rx46, CVE-2015-1426
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1426
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
- https://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
- https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
- https://github.com/advisories/GHSA-j436-h7hm-rx46
Affected Packages
rubygems:facter
Dependent packages: 102
Dependent repositories: 14,131
Downloads: 42,477,985 total
Affected Version Ranges: >= 1.6.0, < 2.4.1
Fixed in: 2.4.1
All affected versions: 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.4.0
All unaffected versions: 1.0.1, 1.1.1, 1.3.3, 1.3.7, 1.3.8, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 2.4.1, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.0.25, 4.0.26, 4.0.28, 4.0.29, 4.0.30, 4.0.31, 4.0.32, 4.0.33, 4.0.34, 4.0.35, 4.0.36, 4.0.37, 4.0.38, 4.0.39, 4.0.40, 4.0.41, 4.0.42, 4.0.43, 4.0.44, 4.0.46, 4.0.47, 4.0.48, 4.0.49, 4.0.50, 4.0.51, 4.0.52, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.7.0