18 matches found
EUVD-2023-1899
Malicious code in bioql PyPI...
A Bootiful Podcast: Intact's Luke Shannon
Hi, Spring fans! And happy holidays! In this installment I talk to Intact's Luke Shannon about their use of Spring, developer portals, and so much more...
CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema...
CVE-2024-45816
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...
CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...
Path traversal
@backstage/backend-common is a common functionality library for backends for Backstage, an open platform for building developer portals. In @backstage/backend-common prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the resolveSafeChildPath utility were not exhaustive enough, leadi...
Backstage Information Disclosure Vulnerability
Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage that stems from the GitlabDiscoveryEntityProvider leaking gitlab integration tokens in logs when tokens with newlines are supplied...
CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...
backstage security vulnerability
backstage is an application. Backstage is an open platform for building developer portals. A security vulnerability exists in backstage, which stems from the fact that an attacker can probe internal network services through carefully crafted data implementations...
backstage path traversal vulnerability
backstage is an application. Backstage is an open platform for building developer portals. Backstage has a path traversal vulnerability, which stems from the fact that the product does not effectively restrict the write path for users with scaffold template write permissions, and can be exploited ...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...
CVE-2021-41151
CVE-2021-41151 (Backstage) : A path traversal vulnerability in the Backstage scaffolder backend allows reading sensitive files from the environment where Scaffolder Tasks run. An attacker can craft a custom Scaffolder template using a pull-request publishing action (e.g., publish:github:pull-requ...
Unspecified vulnerability in Backstage (CNVD-2021-44721)
Backstage is an open platform for building developer portals, and techdocs common contains the common features of Backstage's techdocs. An unspecified vulnerability exists in Backstage. An attacker can exploit the vulnerability to access sensitive data...
Unspecified Vulnerability in Backstage
Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
backstage code issue vulnerability
Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...