Lucene search
K

6 matches found

NVD
NVD
added 2026/03/07 3:15 p.m.9 views

CVE-2026-29184

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

6.5CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/03/07 3:3 p.m.19 views

CVE-2026-29184

Summary: CVE-2026-29184 affects Backstage, specifically the @backstage/plugin-scaffolder-backend. Before version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism, enabling exfiltration of secrets from task event logs. The issue is addressed in version 3.1.4. What is a...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/07 3:3 p.m.5 views

CVE-2026-29184 @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

2CVSS5.7AI score0.00262EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/05 12:23 a.m.12 views

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template Patches Patched in...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/05 12:23 a.m.3 views

GHSA-8QP7-FHR9-FW53 @backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template Patches Patched in...

2CVSS5.9AI score0.00262EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23439

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 3.1.4 Description Backstage is a framework for building developer portals. A malicious scaffolder template can bypass the log redaction mechanism, potentially exposing secrets provided through task event logs. The...

2CVSS5.8AI score0.00262EPSS
Exploits0References6
Rows per page
Query Builder