3 matches found
CVE-2025-55285
creationtimestamp| type| source ---|---|--- 2025-08-15 20:57:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lwhqkv3h7v2d...
CVE-2025-55285
A flaw has been discovered in the @backstage/plugin-scaffolder-backend npm package that can lead to an information leak. The fetch:template action in the Scaffolder improperly duplicates logging of input values, which can bypass the intended redaction of secrets. This means that an attacker with...
CVE-2025-55285
The CVE-2025-55285 issue affects the Backstage scaffolder-backend plugin. Before version 2.1.1, the fetch:template action could duplicate the input log path, causing some secrets passed via the {{ secrets }} bag to be written to logs instead of being redacted. Affected product: @backstage/plugin-...