CVE-2015-1426

Опубликовано: 10 фев. 2015

Источник: redhat

CVSS2: 1.7

EPSS Низкий

Описание

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Отчет

This issue did not affect the versions of facter as shipped with various Red Hat products as they do not use puppet and facter to control Amazon EC2 instances directly.

Затронутые пакеты

Платформа	Пакет	Состояние
OpenStack Foreman	facter	Not affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	facter	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	facter	Not affected
Red Hat Enterprise MRG 1	facter	Not affected
Red Hat OpenShift Enterprise 2	facter	Not affected
Red Hat OpenStack Platform 4	facter	Not affected
Red Hat Satellite 6	facter	Not affected
Red Hat Subscription Asset Manager	facter	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1191538facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling

EPSS

Процентиль: 18%

0.00059

Низкий

1.7 Low

CVSS2

Связанные уязвимости

CVE-2015-1426

ubuntu

почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

CVE-2015-1426

nvd

почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

CVE-2015-1426

debian

почти 11 лет назад

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains s ...

GHSA-j436-h7hm-rx46

github

больше 3 лет назад

Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata

EPSS

Процентиль: 18%

0.00059

Низкий

1.7 Low

CVSS2