Vulnerability DatabaseCVE-2015-1426
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-1426
Published:February 23, 2015
Updated:May 17, 2026
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Affected Packages
facter (RUBY):
Affected version(s) >=1.6.0 <2.4.1
Fix Suggestion:
Update to version 2.4.1
Related Resources (6)
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
https://nvd.nist.gov/vuln/detail/CVE-2015-1426
https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
http://puppetlabs.com/security/cve/cve-2015-1426
https://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
https://github.com/puppetlabs/facter
Do you need more information?
Contact Us
CVSS v3
Base Score:
4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
2.1
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
0.06