GHSA-Q2X5-4XJX-C6P9 Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Impact The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the...

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

Permission policy information leakage in Backstage permission system

Impact A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not...

Backstage 安全漏洞

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage version 1.25.0, which originates from an instance of Backstage with the Directory Backend plugin installed, where a malicious actor with...

Unspecified vulnerability in Backstage (CNVD-2021-44721)

Backstage is an open platform for building developer portals, and techdocs common contains the common features of Backstage's techdocs. An unspecified vulnerability exists in Backstage. An attacker can exploit the vulnerability to access sensitive data...

Unspecified Vulnerability in Backstage

Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...

backstage 代码问题漏洞

Backstage is an open platform for building developer portals, and techdocs common contains the common features of Backstage's techdocs. An unspecified vulnerability exists in Backstage. An attacker can exploit the vulnerability to access sensitive data...