All the vulnerabilites related to puppetlabs - facter
Vulnerability from fkie_nvd
Published
2014-11-16 17:59
Modified
2024-11-21 02:07
Severity ?
Summary
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2014-3248 | Vendor Advisory | |
| cve@mitre.org | http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/ | Exploit, Technical Description | |
| cve@mitre.org | http://secunia.com/advisories/59197 | Technical Description | |
| cve@mitre.org | http://secunia.com/advisories/59200 | Technical Description | |
| cve@mitre.org | http://www.securityfocus.com/bid/68035 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2014-3248 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/ | Exploit, Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59197 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59200 | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68035 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.0 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppet | facter | 2.0.1 | |
| puppetlabs | facter | * | |
| puppet | marionette_collective | * | |
| puppet | hiera | * | |
| puppet | puppet | * | |
| puppet | puppet | * | |
| puppet | puppet_enterprise | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "163FF08E-1931-4A51-B309-FDF7518BF1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD66B12-AEF4-4AB6-BD19-860139A1318F",
"versionEndIncluding": "1.6.18",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9AFF67-3EE5-4C7A-8344-B5CEEA140B80",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8C556F-51B7-492B-B9DD-FFCF2C47AC8A",
"versionEndExcluding": "1.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD170C7-36AF-4316-8E69-8B8C2794DF76",
"versionEndExcluding": "2.7.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF59DB1B-A958-42D3-BE68-71FA5CB32EF4",
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C30CB38D-C799-4CA8-AB51-8A8A1DEEA1E9",
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "2.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Puppet Enterprise 2.8 anterior a 2.8.7, Puppet anterior a 2.7.26 y 3.x anterior a 3.6.2, Facter 1.6.x y 2.x anterior a 2.0.2, Hiera anterior a 1.3.4, y Mcollective anterior a 2.5.2 o anteriores, permite a usuarios locales ganar privilegios ubicando un troyano en el directorio actual a trav\u00e9s de un troyano en un archivo, se demostr\u00f3 usando (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, o (6) safe_yaml/deep.so; o (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, o (10) osfamily.so en puppet/confine."
}
],
"id": "CVE-2014-3248",
"lastModified": "2024-11-21T02:07:44.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-16T17:59:03.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "http://secunia.com/advisories/59200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-23 17:59
Modified
2024-11-21 02:25
Severity ?
Summary
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://puppetlabs.com/security/cve/cve-2015-1426 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://puppetlabs.com/security/cve/cve-2015-1426 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D737A82F-19E0-4E23-A43B-5EE70E0332A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "57CD98E4-4DA3-40E9-BC8C-B3617601D98C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6991FB1B-7F6C-4B01-B5A7-B50FE58D7D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "86DA5222-1FB4-4F83-A953-5BEAA6D03019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A0F60168-51AB-44FC-803F-1D12A4D16F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C24505E-ABCB-4547-A606-CE03C89FC7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7BDFBA53-E90B-44EA-9026-F74F4F1C28C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "028DEEE4-0544-486E-8B3B-A97A27E875A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8053AA40-676B-408A-9881-1253FCBF66C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "09593FCA-26DB-4B19-8672-BA28C90310FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9D96AE67-0F52-4C48-9FAB-3B920835F6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0328C1C1-4984-4AAF-B6D0-DFD5BC03C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3FEEEC9C-BFCC-4343-B454-457579E32932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "137E0DB9-D78C-4BD6-BC20-120DC969D02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7873A8C8-5AE7-4671-A3BA-9609BD2E96A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5FECC098-22E3-47B4-B31E-68177F6C9F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DCB547BD-2CF0-4127-B132-45DCA8D2E6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FDB66B0D-D130-4A25-9EFC-CE160AE14B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B2AE95B5-A9C9-44B2-BBF4-9F3822E358FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DDD9C025-41F9-4DAB-9765-7011B3D97F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "36BE8080-9698-4913-B220-ED4B832362F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8740BCF1-3A8F-4CF5-B741-2587491E0570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "20B2F559-FFEF-44B8-B362-71F4BA399ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.6.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D0E65056-16A9-4379-B77A-6452E7EB4BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8560994E-0523-488A-8841-A25808A65900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0E3B44AD-55B3-4D07-9B3C-FF24B2135BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0112CE0E-95BD-46B4-A774-35CFE51FD664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2070A85A-68F7-4E99-861B-BC80105B2ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B79238A-716F-4B2F-A056-3DDB54844392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "255E42F6-D6A8-4368-9585-F13F899ABE2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D9116AC3-5286-4C1A-AE5F-A52420F45D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:1.7.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "03A76E34-06D2-4E56-9247-351DD20217DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1880B374-9898-4F94-A79A-EC3FC6417C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8731DD0A-1765-4D01-B84A-B11B2C3D3C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8C2C4B26-82E1-414C-8908-8C0B67933D3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5F6D393E-C815-435A-AD62-C50FB8221852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "789555F6-BAFE-4468-BDEC-9575F9C3B348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "601F4999-5841-4C0B-92C9-20D6276A43FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "06432280-17CC-4219-9D02-81370F3D97BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2F103639-4964-426B-9D23-7DE777ECD388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1716719D-3AD2-42B8-B08F-3ED81436078A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76E392C1-8C99-4CD2-A836-BEB9ECD1BD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6D88D0-8453-4769-9897-DC734594B9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83654CD8-0AC4-4EB1-8C02-DDA991AD9724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:facter:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "225A0038-75A0-4C59-834A-5FA3D14BB863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41A6BF93-F9D3-4E77-A264-B724BB61F4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742870-5171-4CAF-9886-3569572A9747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3CCFDC-1366-401E-87E3-429F94815DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E01999A-0AA6-4398-88FC-B6AB6E434964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F36340-BF6B-4C7C-B7BE-5E393B66B708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "40B3BCC8-E00D-4CFA-897B-3E8D1BACF3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FB633A43-E84B-4F2C-B0BF-DD9922E8E3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A3603-857D-4DD8-B637-60AE700783F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB8DB41-A576-4503-8F5D-8D1E42333DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D0516F38-9E43-42B3-AE49-AB01B91D2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "940E5C7A-849F-42A0-AB83-EA0F219786EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "281CF17A-3CE3-4570-922A-EF5CE54D6C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7EA28B-BE31-442D-95CC-EAFF34CA764F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "62922039-C0D6-41D1-994C-06CA6D051636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B557ED-FB1B-48BD-9A9D-243D8305BC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "88D3599C-AA04-42A2-A165-9E64C39F069D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "656A540E-7CD6-41C7-B0AB-5414A6CF9679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3F92AB-707E-4EFA-8829-A5B407263C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5838B6E6-18D7-49FA-AFA6-B7C1EC24014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA39A62-DEFB-4BE3-AF0B-C19EE399BA13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFE4394-CB90-47EC-A000-A4111398FC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7E97F9-A11F-4E13-AF8B-4318D996EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6A882-A3D5-4B3C-9095-0BA004BCB29B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C2905447-E2BD-4653-8CB5-906B62B6EAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppetlabs:facter:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78A90EB3-AF6B-4883-B854-73865BE0DE59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."
},
{
"lang": "es",
"value": "Puppet Labs Facter 1.6.0 hasta 2.4.0 permite a usuarios locales obtener metadatos sensibles de la instancia Amazon EC2 IAM mediante la lectura de un hecho para un nodo de Amazon EC2."
}
],
"id": "CVE-2015-1426",
"lastModified": "2024-11-21T02:25:24.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-23T17:59:01.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2015-1426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://puppetlabs.com/security/cve/cve-2015-1426"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-3248
Vulnerability from cvelistv5
Published
2014-11-16 17:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.
References
| ▼ | URL | Tags |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2014-3248 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59197 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/59200 | third-party-advisory, x_refsource_SECUNIA | |
| http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/68035 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59200"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-3248",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-3248"
},
{
"name": "59197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59197"
},
{
"name": "59200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59200"
},
{
"name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/",
"refsource": "MISC",
"url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"
},
{
"name": "68035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3248",
"datePublished": "2014-11-16T17:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:35:57.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1426
Vulnerability from cvelistv5
Published
2015-02-23 17:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
References
| ▼ | URL | Tags |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2015-1426 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://puppetlabs.com/security/cve/cve-2015-1426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-23T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://puppetlabs.com/security/cve/cve-2015-1426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2015-1426",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2015-1426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1426",
"datePublished": "2015-02-23T17:00:00",
"dateReserved": "2015-01-30T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}