CVE-2025-55285
- EPSS 0.03%
- Veröffentlicht 15.08.2025 17:10:26
- Zuletzt bearbeitet 18.08.2025 20:16:28
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not pro...
CVE-2025-32791
- EPSS 0.04%
- Veröffentlicht 16.04.2025 21:46:23
- Zuletzt bearbeitet 17.04.2025 20:21:48
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the ...
CVE-2024-53983
- EPSS 0.12%
- Veröffentlicht 29.11.2024 19:15:10
- Zuletzt bearbeitet 29.11.2024 19:15:10
The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform G...
CVE-2024-47762
- EPSS 0.14%
- Veröffentlicht 03.10.2024 18:15:05
- Zuletzt bearbeitet 04.10.2024 13:50:43
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration sch...