Linuxfoundation

Backstage

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-45815

  • EPSS 0.19%
  • Veröffentlicht 17.09.2024 21:15:12
  • Zuletzt bearbeitet 03.01.2025 14:53:06

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catal...

6.5

CVE-2024-45816

  • EPSS 0.13%
  • Veröffentlicht 17.09.2024 21:15:12
  • Zuletzt bearbeitet 03.01.2025 14:52:37

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be ...

5.4

CVE-2024-46976

  • EPSS 0.08%
  • Veröffentlicht 17.09.2024 21:15:12
  • Zuletzt bearbeitet 03.01.2025 14:52:32

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when br...

5.7

CVE-2023-6944

  • EPSS 0.22%
  • Veröffentlicht 04.01.2024 10:15:11
  • Zuletzt bearbeitet 05.09.2025 12:15:31

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the fron...

9.9

CVE-2023-35926

  • EPSS 2.21%
  • Veröffentlicht 22.06.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:59

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`,...

8.5

CVE-2021-43783

  • EPSS 0.35%
  • Veröffentlicht 29.11.2021 20:15:08
  • Zuletzt bearbeitet 03.01.2025 14:52:50

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes fil...

4.9

CVE-2021-41151

  • EPSS 0.45%
  • Veröffentlicht 18.10.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:36

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with ...

6.5

CVE-2021-32662

  • EPSS 0.48%
  • Veröffentlicht 03.06.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the...