linuxfoundation backstage vulnerabilities and exploits
5.7
CVSSv3
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access...
Redhat Red Hat Developer Hub
Linuxfoundation Backstage
9.9
CVSSv3
CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past ...
Linuxfoundation Backstage
5.4
CVSSv3
CVE-2023-25571
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` before 0.12.4, and `@backstage/plugin-catalog-backend` before 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerabili...
Linuxfoundation Backstage Plugin-catalog-backend
Linuxfoundation Backstage Core-components
Linuxfoundation Backstage Catalog-model
6.1
CVSSv3
CVE-2021-43776
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the malicious user to exfiltrate...
Linuxfoundation Auth Backend
4.9
CVSSv3
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request...
Linuxfoundation Backstage
6.5
CVSSv3
CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions before 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs...
Linuxfoundation Backstage
7.3
CVSSv3
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) before 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within...
Linuxfoundation @backstage/plugin-techdocs
8.1
CVSSv3
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/techdocs-common` before 0.6.4, a malicious internal actor is able to upload documentation content with malici...
Linuxfoundation @backstage/techdocs-common