
423 matches found

OSV
added 2026/03/12 6:35 p.m. | 8 views

CVE-2026-32235 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

CVSS 5.9 | AI score 5.9 | EPSS 0.00139
Exploits 0 | References 3
CVE
added 2026/03/12 6:35 p.m. | 15 views

CVE-2026-32235

Summary of CVE-2026-32235 (Backstage plugin-auth-backend): The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass before version 0.27.1. When experimental Dynamic Client Registration or Client ID Metadata Documents are enabled and allowe...

CVSS 5.9 | AI score 5.9 | EPSS 0.00139
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/03/12 2:51 p.m. | 4 views

EUVD-2026-11675

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint...

CVSS 4.4 | AI score 5.8 | EPSS 0.00242
Exploits 0 | References 2
Github Security Blog
added 2026/03/12 2:51 p.m. | 6 views

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Impact: Authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured...

CVSS 6.5 | AI score 5.9 | EPSS 0.00242
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2026/03/12 2:51 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @backstage/plugin-auth-backend is a Backstage backend plugin that handles authentication. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the CIMD metadata fetch when the auth.experimentalClientIdMetadataDocuments.enabled setting is enabled. An...

CVSS 6.3 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 2
vulnersOsv
added 2026/03/12 2:51 p.m. | 7 views

@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.22.11), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.14-next.1) +7 more potentially affected by CVE-2026-32236 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.27.1-next.2)

@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =1.0.0, =1.2.0 -...

CVSS 7.5 | AI score 5.8 | EPSS 0.00292
Exploits 0
EUVD
added 2026/03/12 2:51 p.m. | 7 views

EUVD-2026-11673

@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch...

AI score 5.8 | EPSS 0.00292
Exploits 0 | References 2
OSV
added 2026/03/12 2:51 p.m. | 3 views

GHSA-QP4C-XG64-7C6X @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation...

CVSS 6.3 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 4
Github Security Blog
added 2026/03/12 2:51 p.m. | 23 views

@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation...

CVSS 7.5 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2026/03/12 2:50 p.m. | 6 views

Open Redirect

Overview: @backstage/plugin-auth-backend is a Backstage backend plugin that handles authentication. Affected versions of this package are vulnerable to Open Redirect via the OAuth redirect URI validation bypass. An attacker can intercept authorization codes by crafting a redirect URI that bypass...

CVSS 5.9 | AI score 5.8 | EPSS 0.00139
Exploits 0 | References 2
vulnersOsv
added 2026/03/12 2:50 p.m. | 7 views

@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.22.11), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.14-next.1) +7 more potentially affected by CVE-2026-32235 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.27.1-next.2)

@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =1.0.0, =1.2.0 -...

CVSS 5.9 | AI score 5.8 | EPSS 0.00139
Exploits 0
EUVD
added 2026/03/12 2:50 p.m. | 8 views

EUVD-2026-11671

@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass...

CVSS 5.9 | AI score 5.8 | EPSS 0.00139
Exploits 0 | References 2
OSV
added 2026/03/12 2:50 p.m. | 3 views

GHSA-WQVH-63MV-9W92 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Impact: The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafte...

CVSS 5.9 | AI score 5.9 | EPSS 0.00139
Exploits 0 | References 4
Github Security Blog
added 2026/03/12 2:50 p.m. | 14 views

@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Impact: The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafte...

CVSS 5.9 | AI score 5.9 | EPSS 0.00139
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2026/03/12 12:00 a.m. | 9 views

Backstage input validation error vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from an experimental OIDC provisioning...

CVSS 5.9 | AI score 5.8 | EPSS 0.00139
Exploits 0 | References 2
Positive Technologies
added 2026/03/12 12:00 a.m. | 6 views

PT-2026-25052

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 0.27.1. Description: Backstage is an open framework for building developer portals. A Server-Side Request Forgery (SSRF) issue exists in the @backstage/plugin-auth-backend component when the...

CVSS 7.5 | AI score 5.2 | EPSS 0.00292
Exploits 0 | References 9
Positive Technologies
added 2026/03/12 12:00 a.m. | 5 views

PT-2026-25053

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 3.1.5. Description: Backstage is an open framework for building developer portals. Authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through th...

CVSS 6.5 | AI score 5.9 | EPSS 0.00242
Exploits 0 | References 10
CNNVD
added 2026/03/12 12:00 a.m. | 5 views

Backstage information disclosure vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 3.1.5 contained a vulnerability related to information leakage. This vulnerability occurred because verified users with permission to conduc...

CVSS 6.5 | AI score 5.8 | EPSS 0.00242
Exploits 0 | References 3
CNNVD
added 2026/03/12 12:00 a.m. | 21 views

Backstage code issue vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained code-related vulnerabilities. These vulnerabilities stemmed from server-side request forgery when the experimental client ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 3