Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/03/12 6:38 p.m.4 views

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS5.9AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 6:38 p.m.34 views

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS0.00242EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/01/21 10:36 p.m.8 views

@alithya-oss/backstage-plugin-scaffolder-backend-module-aws-apps (>=0.3.10 <=0.3.12), @alithya-oss/plugin-scaffolder-backend-module-aws-apps (>=0.3.6 <=0.3.9) +55 more potentially affected by CVE-2026-24046 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=1.33.0)

@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =0.4.3, =0.4.7...

9.1CVSS5.4AI score0.00478EPSS
Exploits0
Snyk
Snyk
added 2026/01/21 10:36 p.m.8 views

Symlink Attack

Overview @backstage/plugin-scaffolder-backend is a The Backstage backend plugin that helps you create new things Affected versions of this package are vulnerable to Symlink Attack via multiple actions, including debug:log, fs:delete, and archive extraction. A user who create and execute Scaffolde...

9.9CVSS5.8AI score0.00478EPSS
Exploits0References3
NVD
NVD
added 2025/08/15 6:15 p.m.56 views

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If $ secrets.x is not passed...

2.6CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 2025/08/15 5:10 p.m.35 views

CVE-2025-55285

The CVE-2025-55285 issue affects the Backstage scaffolder-backend plugin. Before version 2.1.1, the fetch:template action could duplicate the input log path, causing some secrets passed via the {{ secrets }} bag to be written to logs instead of being redacted. Affected product: @backstage/plugin-...

2.6CVSS6.5AI score0.0021EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/06/21 10:0 p.m.9 views

@backstage/plugin-scaffolder-backend (>=0.0.0-nightly-2021712211 <=0.15.24-next.0), @backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410) +8 more potentially affected by CVE-2023-35926 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.18.0)

@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =1.0.8, =1.0.0, =1.0.0, =2.2.0 -...

9.9CVSS7.2AI score0.01888EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/01 6:29 p.m.6 views

@backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410), @backstage/plugin-scaffolder-backend-module-cookiecutter (>=0.0.0-nightly-2022122206 <=0.1.0) +3 more potentially affected by unknown CVE via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.14.2)

@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230123022600 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/01 6:28 p.m.11 views

@backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410), @backstage/plugin-scaffolder-backend-module-cookiecutter (>=0.0.0-nightly-2022122206 <=0.1.0) +3 more potentially affected by CVE-2021-43783 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.14.2)

@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230123022600 Source cves: CVE-2021-43783 Source advisory:...

8.5CVSS7.2AI score0.01206EPSS
Exploits0
Rows per page
Query Builder