Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Permalink: https://github.com/advisories/GHSA-j436-h7hm-rx46
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 11 months ago

Identifiers: GHSA-j436-h7hm-rx46, CVE-2015-1426
References:

Blast Radius: 0.0

Affected Packages

rubygems:facter

Dependent packages: 102
Dependent repositories: 14,131
Downloads: 42,477,985 total
Affected Version Ranges: >= 1.6.0, < 2.4.1
Fixed in: 2.4.1
All affected versions: 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.4.0
All unaffected versions: 1.0.1, 1.1.1, 1.3.3, 1.3.7, 1.3.8, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 2.4.1, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.0.25, 4.0.26, 4.0.28, 4.0.29, 4.0.30, 4.0.31, 4.0.32, 4.0.33, 4.0.34, 4.0.35, 4.0.36, 4.0.37, 4.0.38, 4.0.39, 4.0.40, 4.0.41, 4.0.42, 4.0.43, 4.0.44, 4.0.46, 4.0.47, 4.0.48, 4.0.49, 4.0.50, 4.0.51, 4.0.52, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.7.0