Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation backstage vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access...
Redhat Red Hat Developer Hub
Linuxfoundation Backstage
NA
CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past ...
Linuxfoundation Backstage
NA
CVE-2023-25571
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` before 0.12.4, and `@backstage/plugin-catalog-backend` before 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerabili...
Linuxfoundation Backstage Plugin-catalog-backend
Linuxfoundation Backstage Core-components
Linuxfoundation Backstage Catalog-model
383
VMScore
CVE-2021-43776
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the malicious user to exfiltrate...
Linuxfoundation Auth Backend
356
VMScore
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request...
Linuxfoundation Backstage
312
VMScore
CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions before 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs...
Linuxfoundation Backstage
436
VMScore
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) before 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within...
Linuxfoundation @backstage/plugin-techdocs
516
VMScore
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` before 0.6.4, a malicious internal actor is able to upload documentation content with malici...
Linuxfoundation @backstage/techdocs-common
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started