CVE-2015-1426: Exposure of Sensitive Information to an Unauthorized Actor
(updated )
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
References
- github.com/advisories/GHSA-j436-h7hm-rx46
- github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
- nvd.nist.gov/vuln/detail/CVE-2015-1426
- web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
- www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
Detect and mitigate CVE-2015-1426 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →