Backstage Security Vulnerabilities and Issues — Backstage CVE List

Lucene search

LinuxfoundationBackstage

3 matches found

CVE•added 2024/09/17 9:15 p.m.•90 views

CVE-2024-45815

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 release...

6.5CVSS6.3AI score0.00295EPSS

CVE•added 2024/09/17 9:15 p.m.•52 views

CVE-2024-45816

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks i...

6.5CVSS6.4AI score0.00243EPSS

CVE•added 2024/09/17 9:15 p.m.•50 views

CVE-2024-46976

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker...

6.5CVSS5.9AI score0.00077EPSS