11 matches found

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-25046

Malicious code in bioql PyPI...

2.6 CVSS | 6.3 AI score | 0.00053 EPSS
Exploits 0 | References 3

Veracode
added 2025/09/05 9:58 a.m. | 3 views

Sensitive Information Disclosure

@backstage/plugin-scaffolder-backend is vulnerable to Sensitive Information Disclosure. The vulnerability is due to duplicate logging of input values in the fetch:template action, which could expose sensitive data if ${{ secrets.x }} is used as an argument...

2.6 CVSS | 6.8 AI score | 0.00053 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/08/15 6:43 p.m. | 2 views

GHSA-3X3Q-GHCP-WHF7 Template Secret leakage in logs in Scaffolder when using `fetch:template`

A logging flaw in Backstage Scaffolder’s fetch:template action up to @backstage/plugin-scaffolder-backend 2.1.0 may write template secrets to logs. The action emitted a duplicate, pre-redaction copy of input parameters, so values provided via the secrets bag could appear in local/server logs when...

2.6 CVSS | 6.5 AI score | 0.00053 EPSS
Exploits 0 | References 4

Github Security Blog
added 2025/08/15 6:43 p.m. | 9 views

Template Secret leakage in logs in Scaffolder when using `fetch:template`

A logging flaw in Backstage Scaffolder’s fetch:template action up to @backstage/plugin-scaffolder-backend 2.1.0 may write template secrets to logs. The action emitted a duplicate, pre-redaction copy of input parameters, so values provided via the secrets bag could appear in local/server logs when...

2.6 CVSS | 6.5 AI score | 0.00053 EPSS
Exploits 0 | References 4 | Affected Software 1

Snyk
added 2025/08/15 6:43 p.m. | 1 views

Insertion of Sensitive Information into Log File

Overview: @backstage/plugin-scaffolder-backend is the Backstage backend plugin that helps you create new things. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the fetch:template action, which duplicates logging of the input values. An...

2.6 CVSS | 6.7 AI score | 0.00053 EPSS
Exploits 0 | References 2

NVD
added 2025/08/15 6:15 p.m. | 3 views

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed...

2.6 CVSS | 0.00053 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/08/15 5:10 p.m. | 2 views

CVE-2025-55285 @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed...

2.6 CVSS | 7.1 AI score | 0.00053 EPSS
Exploits 0 | References 2

CVE
added 2025/08/15 5:10 p.m. | 20 views

CVE-2025-55285

The CVE-2025-55285 issue affects the Backstage scaffolder-backend plugin. Before version 2.1.1, the fetch:template action could duplicate the input log path, causing some secrets passed via the {{ secrets }} bag to be written to logs instead of being redacted. Affected product: @backstage/plugin-...

2.6 CVSS | 6.5 AI score | 0.00053 EPSS
Exploits 0 | References 2

Cvelist
added 2025/08/15 5:10 p.m. | 7 views

CVE-2025-55285 @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed...

2.6 CVSS | 0.00053 EPSS
Exploits 0 | References 2

OSV
added 2025/08/15 5:10 p.m. | 2 views

CVE-2025-55285 @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed...

2.6 CVSS | 6.5 AI score | 0.00053 EPSS
Exploits 0 | References 4

Positive Technologies
added 2025/08/15 12:00 a.m. | 6 views

PT-2025-33503 · Backstage · @Backstage/Plugin-Scaffolder-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 2.1.1. Description: The backend for the default Backstage software templates exhibited duplicate logging of input values in the fetch:template action within the Scaffolder. This resulted i...

2.6 CVSS | 7.2 AI score | 0.00053 EPSS
Exploits 0 | References 9