423 matches found
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.3 release.
Red Hat Developer Hub 1.9.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Malicious code in backstage-plugin-wpe-catalog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ba337d37ef9344a2df43beb88ffec3f1061cba440eb4c4ed69798da6f3122b5 The package backstage-plugin-wpe-catalog was found to contain malicious code...
MAL-2026-1657 Malicious code in backstage-plugin-wpe-catalog (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ba337d37ef9344a2df43beb88ffec3f1061cba440eb4c4ed69798da6f3122b5 The package backstage-plugin-wpe-catalog was found to contain malicious code...
CVE-2026-32235
An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass th...
CVE-2026-32237
Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...
CVE-2026-32236
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
CVE-2026-32235
Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...
CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...
CVE-2026-32237
Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...
CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...
CVE-2026-32237
Backstage vulnerability CVE-2026-32237 affects the @backstage/plugin-scaffolder-backend prior to 3.1.5. Authenticated users with permission to run scaffolder dry-runs can access server-configured environment secrets via the dry-run API response; secrets are redacted in logs but not in all respons...
CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint
Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...
CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
CVE-2026-32236
CVE-2026-32236 affects the Backstage npm package @backstage/plugin-auth-backend. The SSRF flaw occurs in the CIMD metadata fetch when auth.experimentalClientIdMetadataDocuments.enabled is true: the initial client_id hostname is validated against private IP ranges, but this validation isn’t enforc...
CVE-2026-32236
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
CVE-2026-32235 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...
CVE-2026-32235
Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...
CVE-2026-32235
Summary of CVE-2026-32235 (Backstage plugin-auth-backend) : The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass before version 0.27.1. When experimental Dynamic Client Registration or Client ID Metadata Documents are enabled and allowe...