6.5
CVE-2026-29184
- EPSS 0.26%
- Published 07.03.2026 15:03:18
- Last modified 25.04.2026 18:01:46
- Source security-advisories@github.com
@backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided to the run via task event logs. This issue has been patched in version 3.1.4.
Data provided by the National Vulnerability Database (NVD)
Linuxfoundation ≫ Backstage/plugin-scaffolder-backend Version < 3.1.4
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.173 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| security-advisories@github.com | 2 | 0.5 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://github.com/backstage/backstage/security/advisories/GHSA-8qp7-fhr9-fw53