CVE-2015-1426

EPSS 0.06%

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

發布日:2022/5/14修改日:2026/4/28

也稱為:GHSA-j436-h7hm-rx46DEBIAN-CVE-2015-1426

描述

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

受影響套件(2)

Debian/facterfrom 0, < 2.4.4-1
RubyGems/facter>= 1.6.0, < 2.4.1

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1426
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-1426
PATCHhttps://github.com/puppetlabs/facter
WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
WEBhttps://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
WEBhttps://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata