4 matches found
@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.22.11), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.14-next.1) +7 more potentially affected by CVE-2026-32235 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.27.1-next.2)
@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =1.0.0, =1.2.0 -...
Information Disclosure
@backstage/plugin-permission-backend is vulnerable to information disclosure. The vulnerability is due to improper handling of conditional decisions in the permission backend, allowing callers to infer sensitive information...
CVE-2025-32791 Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...
@backstage-community/plugin-rbac-backend (>=5.2.3 <=6.1.1), @janus-idp/backstage-plugin-rbac-backend (>=4.4.2 <=5.2.2) +3 more potentially affected by CVE-2025-32791 via @backstage/plugin-permission-backend (=0.5.55)
@backstage/plugin-permission-backend NPM version =0.5.55 is affected by a known vulnerability. The following packages have a transitive dependency on @backstage/plugin-permission-backend and may be impacted: - @backstage-community/plugin-rbac-backend =5.2.3, =4.4.2, =6.0.1, =0.7.6, =2.0.0, =4.0.0...