linuxfoundation backstage vulnerabilities and exploits
NA
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access...
Redhat Red Hat Developer Hub
Linuxfoundation Backstage
NA
CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past ...
Linuxfoundation Backstage
NA
CVE-2023-25571
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` before 0.12.4, and `@backstage/plugin-catalog-backend` before 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerabili...
Linuxfoundation Backstage Plugin-catalog-backend
Linuxfoundation Backstage Core-components
Linuxfoundation Backstage Catalog-model
4.3
CVSSv2
CVE-2021-43776
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the malicious user to exfiltrate...
Linuxfoundation Auth Backend
4
CVSSv2
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request...
Linuxfoundation Backstage
3.5
CVSSv2
CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions before 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs...
Linuxfoundation Backstage
4.9
CVSSv2
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) before 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within...
Linuxfoundation @backstage/plugin-techdocs
5.8
CVSSv2
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/techdocs-common` before 0.6.4, a malicious internal actor is able to upload documentation content with malici...
Linuxfoundation @backstage/techdocs-common