2.1
CVE-2015-1426
- EPSS 0.06%
- Veröffentlicht 23.02.2015 17:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Puppetlabs ≫ Facter Version1.6.1
Puppetlabs ≫ Facter Version1.6.2
Puppetlabs ≫ Facter Version1.6.3
Puppetlabs ≫ Facter Version1.6.4
Puppetlabs ≫ Facter Version1.6.5
Puppetlabs ≫ Facter Version1.6.6
Puppetlabs ≫ Facter Version1.6.7
Puppetlabs ≫ Facter Version1.6.8
Puppetlabs ≫ Facter Version1.6.9
Puppetlabs ≫ Facter Version1.6.10
Puppetlabs ≫ Facter Version1.6.11
Puppetlabs ≫ Facter Version1.6.12
Puppetlabs ≫ Facter Version1.6.13
Puppetlabs ≫ Facter Version1.6.14
Puppetlabs ≫ Facter Version1.6.15
Puppetlabs ≫ Facter Version1.6.17
Puppetlabs ≫ Facter Version1.6.18
Puppetlabs ≫ Facter Version1.7.0
Puppetlabs ≫ Facter Version1.7.1
Puppetlabs ≫ Facter Version1.7.2
Puppetlabs ≫ Facter Version1.7.3
Puppetlabs ≫ Facter Version1.7.4
Puppetlabs ≫ Facter Version1.7.5
Puppetlabs ≫ Facter Version1.7.6
Puppetlabs ≫ Facter Version2.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.153 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.