CVE-2015-1426

EPSS 0.06%

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

Published: 5/14/2022Modified: 4/28/2026

Description

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Affected packages (2)

Debian/facterfrom 0, < 2.4.4-1
RubyGems/facter>= 1.6.0, < 2.4.1

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1426
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1426
PATCHhttps://github.com/puppetlabs/facter
WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
WEBhttps://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
WEBhttps://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata