Description
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Impact
A malicious scaffolder template can bypass the log redaction mechanism and exfiltrate secrets provided to the task run through the task event logs.
The attack requires:
- The ability to register a template in the catalog
- A victim who executes the malicious template
Patches
Patched in @backstage/plugin-scaffolder-backend version 3.1.4
Workarounds
- Implement a custom permission policy that restricts scaffolder.task.read so users can only read their own task logs
- Restrict who can register templates in the catalog to trusted users only
Resources
- Backstage Scaffolder permissions documentation: https://backstage.io/docs/permissions/plugin-authors/01-setup/
- Backstage Threat Model: https://backstage.io/docs/overview/threat-model/
Packages
@backstage/plugin-scaffolder-backend
- Affected versions: <= 3.1.3
- Patched version: 3.1.4
Related vulnerabilities
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism and exfiltrate secrets provided to the task run through the task event logs. This issue has been patched in version 3.1.4.