Skip to main content

Facter

2 CVEs product

Monthly

CVE-2015-1426 Ruby LOW PATCH Monitor

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Facter
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3248 Ruby MEDIUM POC PATCH This Month

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before. Rated medium severity (CVSS 6.2). Public exploit code available.

Information Disclosure Facter Marionette Collective Hiera Puppet +1
NVD
CVSS 2.0
6.2
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Facter
NVD
EPSS 0% CVSS 6.2
MEDIUM POC PATCH This Month

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before. Rated medium severity (CVSS 6.2). Public exploit code available.

Information Disclosure Facter Marionette Collective +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy