Lucene search
K

4 matches found

OSV
OSV
added 2026/03/12 6:38 p.m.5 views

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS5.9AI score0.00242EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 6:38 p.m.4 views

CVE-2026-32237

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS5.9AI score0.00242EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/12 6:38 p.m.7 views

CVE-2026-32237

Backstage vulnerability CVE-2026-32237 affects the @backstage/plugin-scaffolder-backend prior to 3.1.5. Authenticated users with permission to run scaffolder dry-runs can access server-configured environment secrets via the dry-run API response; secrets are redacted in logs but not in all respons...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2024/03/05 5:6 a.m.2 views

SUSE CVE-2019-25210

An issue was discovered in Cloud Native Computing Foundation CNCF Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...

9.1CVSS6.9AI score0.00675EPSS
Exploits0References3
Rows per page
Query Builder