Linuxfoundation

Backstage

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-45815

  • EPSS 0.3%
  • Published 17.09.2024 21:15:12
  • Last modified 03.01.2025 14:53:06

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catal...

6.5

CVE-2024-45816

  • EPSS 0.24%
  • Published 17.09.2024 21:15:12
  • Last modified 03.01.2025 14:52:37

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be ...

5.4

CVE-2024-46976

  • EPSS 0.08%
  • Published 17.09.2024 21:15:12
  • Last modified 03.01.2025 14:52:32

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when br...

5.7

CVE-2023-6944

  • EPSS 0.22%
  • Published 04.01.2024 10:15:11
  • Last modified 05.09.2025 12:15:31

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the fron...

9.9

CVE-2023-35926

  • EPSS 2.21%
  • Published 22.06.2023 14:15:09
  • Last modified 21.11.2024 08:08:59

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`,...

8.5

CVE-2021-43783

  • EPSS 0.35%
  • Published 29.11.2021 20:15:08
  • Last modified 03.01.2025 14:52:50

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes fil...

4.9

CVE-2021-41151

  • EPSS 0.45%
  • Published 18.10.2021 21:15:07
  • Last modified 21.11.2024 06:25:36

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with ...

6.5

CVE-2021-32662

  • EPSS 0.48%
  • Published 03.06.2021 22:15:07
  • Last modified 21.11.2024 06:07:28

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the...