VulnerableCode Vulnerability Details - VCID-j37w-1fmd-3fe3

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-j37w-1fmd-3fe3

Essentials
Severities (9)
References (11)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-j37w-1fmd-3fe3
Aliases	CVE-2015-1426 GHSA-j436-h7hm-rx46
Summary	Exposure of Sensitive Information to an Unauthorized Actor Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2015-1426
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2015-1426
epss	0.00059	https://api.first.org/data/v1/epss?cve=CVE-2015-1426
generic_textual	LOW	https://github.com/puppetlabs/facter
generic_textual	LOW	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2015-1426
generic_textual	LOW	https://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
cvssv3	1.3	https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
generic_textual	LOW	https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1426.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-1426
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1426
		https://github.com/puppetlabs/facter
1191538		https://bugzilla.redhat.com/show_bug.cgi?id=1191538
778265		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778265
CVE-2015-1426		https://nvd.nist.gov/vuln/detail/CVE-2015-1426
CVE-2015-1426		https://web.archive.org/web/20150906195742/http://puppetlabs.com/security/cve/cve-2015-1426
CVE-2015-1426-POTENTIAL-SENSITIVE-INFORMATION-LEAKAGE-FACTERS-AMAZON-EC2-METADATA		https://www.puppet.com/security/cve/cve-2015-1426-potential-sensitive-information-leakage-facters-amazon-ec2-metadata
CVE-2015-1426.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2015-1426.yml
GHSA-j436-h7hm-rx46		https://github.com/advisories/GHSA-j436-h7hm-rx46

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.18715
EPSS Score	0.00059
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:43:16.596150+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/facter/CVE-2015-1426.yml	38.6.0