Lucene search
+L

28 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/25 12:0 a.m.7 views

The vulnerability of Backstage’s portal-building platform lies in its uncontrolled modification of object prototype attributes, allowing attackers to trigger service failures.

The vulnerability of the Backstage developer portal-building platform lies in the uncontrolled modification of object prototype attributes. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures by sending a specially crafted API request...

6.8CVSS6.5AI score0.00513EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.8 views

PT-2024-9768 · Google +2 · Gcs +2

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue is related to the Backstage platform, an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs, it is...

7.7CVSS6.7AI score0.00728EPSS
Exploits0References11
vulnersOsv
vulnersOsv
added 2021/12/01 6:29 p.m.13 views

@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.24.5), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.17-next.0) +9 more potentially affected by CVE-2021-43776 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.4.10)

@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =5.0.0-alpha.1, =1.0.0, =0.2.0, =1.0.0, =1.2.0...

7.4CVSS6.6AI score0.00656EPSS
Exploits0
OSV
OSV
added 2021/11/26 7:15 p.m.8 views

CVE-2021-43776

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

6.1CVSS6.7AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/18 9:15 p.m.3 views

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

6.8CVSS5.8AI score0.01273EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/10/18 8:30 p.m.34 views

CVE-2021-41151 Path Traversal in @backstage/plugin-scaffolder-backend

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

6.8CVSS6.5AI score0.01273EPSS
Exploits0References2
Prion
Prion
added 2021/06/03 6:15 p.m.18 views

Design/Logic Flaw

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

4.9CVSS7.1AI score0.01209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/06/03 5:15 p.m.2 views

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/tehdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...

8.1CVSS7AI score0.01269EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder