CVE-2015-1426 – facter

Package

Manager: gem
Name: facter
Vulnerable Version: >=1.6.0 <2.4.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00059 pctl0.18634

Details

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Metadata

Created: 2022-05-14T00:56:48Z
Modified: 2023-06-07T15:07:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j436-h7hm-rx46/GHSA-j436-h7hm-rx46.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-j436-h7hm-rx46
Finding: F038
Auto approve: 1