CVE-2024-47762

A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APPCONFIG environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to...

CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Backstage is an open framework for building developer portals. Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema...

GHSA-QC4V-XQ2M-65WC Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Impact Configuration supplied through APPCONFIG environment variables, for example APPCONFIGbackendlistenport=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret...

PT-2024-32800 · Unknown · @Backstage/Plugin-App-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-app-backend versions prior to 0.3.75 Description: The issue concerns the configuration supplied through APP CONFIG environment variables, where the visibility defined in the configuration schema is unexpectedly ignored. This...