CVSS 3 Base Score: 1.3Posted On: February 10, 2015Assessed Risk Level: Low An issue exists where sensitive Amazon EC2 IAM instance metadata could be added to an Amazon EC2 node's facts, where a non-privileged local user could access the information via Facter. Although Amazon's API allows anyone who can access an EC2 instance to view its instance metadata, facts containing sensitive EC2 instance metadata could be unintentionally exposed through off-host applications that display facts. CVSS v2 Score: 1.3 Vector AV:L/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C Status:Affected software versions:Puppet Enterprise 2.x, 3.x Facter 1.6.0 - 2.4.0 CFacter 0.2.0 and earlierResolved in:Puppet Enterprise 3.7.2, Facter 2.4.1, CFacter 0.3.0← Back to CVE Listings
