Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-1426

Опубликовано: 23 фев. 2015
Источник: debian

Описание

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
facterfixed2.4.4-1package
facterno-dsajessiepackage
facternot-affectedsqueezepackage
facterno-dsawheezypackage

Примечания

  • http://puppetlabs.com/security/cve/cve-2015-1426

  • https://tickets.puppetlabs.com/browse/FACT-800

  • The assessment for Squeeze being unaffected is based on the fact that the code accesses http://169.254.169.254/2008-02-01/meta-data/ and that http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html mentions the iam/security-credentials/role key as being introduced in version 2012-01-12.

Связанные уязвимости

ubuntu логотип

CVE-2015-1426

ubuntu
почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

redhat логотип

CVE-2015-1426

redhat
почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

nvd логотип

CVE-2015-1426

nvd
почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

github логотип

GHSA-j436-h7hm-rx46

github
больше 3 лет назад

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata