61 matches found
@backstage/backend-dynamic-feature-service (>=0.0.0-nightly-20241120023536 <=0.5.1-next.0), @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20241120023536 <=1.28.0-next.0) +11 more potentially affected by CVE-2024-53983 via @backstage/plugin-scaffolder-node (>=0.6.0 <=0.6.1-next.0)
@backstage/plugin-scaffolder-node NPM version =0.6.0, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.1.16-next.0 Source cves: CVE-2024-53983 Source advisory: OSV:GHSA-QMC2-JPR5-7RG9...
CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin
The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection SSTI can be exploited to perform Git config injection. The vulnerability allows an...
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Impact Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret...
GHSA-QC4V-XQ2M-65WC Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Impact Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret...
Prototype Pollution
@backstage/plugin-catalog-backend is vulnerable to Prototype Pollution. The vulnerability is caused due to improper user input sanitization in the catalog API, which allows an attacker to interrupt the service using a specially crafted query...
Relative Path Traversal
@backstage/plugin-techdocs-backend is vulnerable to Relative Path Traversal. The vulnerability is caused due to improper validation of file paths, allowing unauthorized access to files in the AWS S3 or GCS storage provider...
CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...
Arbitrary Code Injection
@backstage/plugin-scaffolder-backend is vulnerable to Arbitrary Code Injection. The vulnerability exists due to sandbox bypass in ScaffolderEntitiesProcessor.js, which allows an attacker with write access to a registered scaffolder template to inject code through the YAML template definition...
CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...
CVE-2023-35926 Insecure sandbox in Backstage Scaffolder plugin
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...
PT-2023-25385 · Npm · @Backstage/Plugin-Scaffolder-Backend
Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 1.15.0 Description: The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, allowing for code injection. A malicious actor with write access to a...
@backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.0.0-nightly-2020112923923), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-2021112332 <=0.14.1) +1 more potentially affected by unknown CVE via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.11.15)
@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: unknown CVE Source advisory: OSV:GHSA-4JQC-JVH2-PXG9...
@backstage-community/plugin-techdocs-backend-module-confluence (>=0.2.0 <=0.2.1), @backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.15-next.0) +13 more potentially affected by unknown CVE via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.1.2-next.2)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.2.0, =0.0.0-nightly-20230323021924, =0.0.0-nightly-202111212297, =0.0.0-nightly-20220305022735, =1.0.0, =1.0.1, =1.6.0, =0.0.4, =1.9.1, =1.0.1, =1.0.1, =0.0.0-nightly-2022122206, =0.1.5, =0.1.2, =1.1.0 Source cves:...
Remote Code Execution (RCE)
@backstage/plugin-scaffolder-backend is vulnerable to remote code execution attacks. A malicious user with write access to a registered scaffolder template could manipulate the template...
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
Impact This vulnerability allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but i...
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
The templating library used by the scaffolder backend assumes that templates are trusted which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution. Impact A malicious actor with write access to a registered scaffolder template...
Path Traversal in @backstage/plugin-scaffolder-backend
Impact A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a...
CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...
CVE-2021-43776 XSS vulnerability in @backstage/plugin-auth-backend
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...