{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-02-23T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://puppetlabs.com/security/cve/cve-2015-1426"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1426", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://puppetlabs.com/security/cve/cve-2015-1426", "refsource": "CONFIRM", "url": "http://puppetlabs.com/security/cve/cve-2015-1426"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.570Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://puppetlabs.com/security/cve/cve-2015-1426"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1426", "datePublished": "2015-02-23T17:00:00", "dateReserved": "2015-01-30T00:00:00", "dateUpdated": "2024-08-06T04:40:18.570Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:facter:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D737A82F-19E0-4E23-A43B-5EE70E0332A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "57CD98E4-4DA3-40E9-BC8C-B3617601D98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "6991FB1B-7F6C-4B01-B5A7-B50FE58D7D26", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "86DA5222-1FB4-4F83-A953-5BEAA6D03019", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "A0F60168-51AB-44FC-803F-1D12A4D16F1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C24505E-ABCB-4547-A606-CE03C89FC7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BDFBA53-E90B-44EA-9026-F74F4F1C28C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "028DEEE4-0544-486E-8B3B-A97A27E875A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "8053AA40-676B-408A-9881-1253FCBF66C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "09593FCA-26DB-4B19-8672-BA28C90310FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "9D96AE67-0F52-4C48-9FAB-3B920835F6A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "0328C1C1-4984-4AAF-B6D0-DFD5BC03C27A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "3FEEEC9C-BFCC-4343-B454-457579E32932", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "137E0DB9-D78C-4BD6-BC20-120DC969D02C", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "7873A8C8-5AE7-4671-A3BA-9609BD2E96A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "5FECC098-22E3-47B4-B31E-68177F6C9F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "DCB547BD-2CF0-4127-B132-45DCA8D2E6B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "FDB66B0D-D130-4A25-9EFC-CE160AE14B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B2AE95B5-A9C9-44B2-BBF4-9F3822E358FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD9C025-41F9-4DAB-9765-7011B3D97F80", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "36BE8080-9698-4913-B220-ED4B832362F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "8740BCF1-3A8F-4CF5-B741-2587491E0570", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "20B2F559-FFEF-44B8-B362-71F4BA399ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.6.18:rc1:*:*:*:*:*:*", "matchCriteriaId": "D0E65056-16A9-4379-B77A-6452E7EB4BB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8560994E-0523-488A-8841-A25808A65900", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0E3B44AD-55B3-4D07-9B3C-FF24B2135BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "0112CE0E-95BD-46B4-A774-35CFE51FD664", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "2070A85A-68F7-4E99-861B-BC80105B2ED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B79238A-716F-4B2F-A056-3DDB54844392", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "255E42F6-D6A8-4368-9585-F13F899ABE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "D9116AC3-5286-4C1A-AE5F-A52420F45D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:1.7.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "03A76E34-06D2-4E56-9247-351DD20217DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1716719D-3AD2-42B8-B08F-3ED81436078A", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76E392C1-8C99-4CD2-A836-BEB9ECD1BD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB6D88D0-8453-4769-9897-DC734594B9C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "83654CD8-0AC4-4EB1-8C02-DDA991AD9724", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:facter:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "225A0038-75A0-4C59-834A-5FA3D14BB863", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "41A6BF93-F9D3-4E77-A264-B724BB61F4B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF742870-5171-4CAF-9886-3569572A9747", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F3CCFDC-1366-401E-87E3-429F94815DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "2E01999A-0AA6-4398-88FC-B6AB6E434964", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1F36340-BF6B-4C7C-B7BE-5E393B66B708", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "40B3BCC8-E00D-4CFA-897B-3E8D1BACF3E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "FB633A43-E84B-4F2C-B0BF-DD9922E8E3C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "F76A3603-857D-4DD8-B637-60AE700783F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "AFB8DB41-A576-4503-8F5D-8D1E42333DC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "D0516F38-9E43-42B3-AE49-AB01B91D2CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "940E5C7A-849F-42A0-AB83-EA0F219786EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "281CF17A-3CE3-4570-922A-EF5CE54D6C3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "AE7EA28B-BE31-442D-95CC-EAFF34CA764F", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "62922039-C0D6-41D1-994C-06CA6D051636", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "D7B557ED-FB1B-48BD-9A9D-243D8305BC36", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "88D3599C-AA04-42A2-A165-9E64C39F069D", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "656A540E-7CD6-41C7-B0AB-5414A6CF9679", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF3F92AB-707E-4EFA-8829-A5B407263C20", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5838B6E6-18D7-49FA-AFA6-B7C1EC24014B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0EA39A62-DEFB-4BE3-AF0B-C19EE399BA13", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8EFE4394-CB90-47EC-A000-A4111398FC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E7E97F9-A11F-4E13-AF8B-4318D996EE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "77B6A882-A3D5-4B3C-9095-0BA004BCB29B", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C2905447-E2BD-4653-8CB5-906B62B6EAC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:facter:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78A90EB3-AF6B-4883-B854-73865BE0DE59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."}, {"lang": "es", "value": "Puppet Labs Facter 1.6.0 hasta 2.4.0 permite a usuarios locales obtener metadatos sensibles de la instancia Amazon EC2 IAM mediante la lectura de un hecho para un nodo de Amazon EC2."}], "id": "CVE-2015-1426", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-23T17:59:01.680", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2015-1426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2015-1426"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "facter: potential sensitive information leakage in Facter's Amazon EC2 metadata facts handling", "id": "1191538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191538"}, "csaw": false, "cvss": {"cvss_base_score": "1.7", "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "status": "draft"}, "details": ["Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."], "name": "CVE-2015-1426", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Not affected", "package_name": "facter", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat Enterprise MRG 1"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "facter", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2015-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1426\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1426\nhttp://puppetlabs.com/security/cve/cve-2015-1426"], "statement": "This issue did not affect the versions of facter as shipped with various Red Hat products as they do not use puppet and facter to control Amazon EC2 instances directly.", "threat_severity": "Low"}

{}