Описание
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.
EPSS
Процентиль: 1%
0.00009
Низкий
2 Low
CVSS3
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 2
redhat
20 дней назад
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.
CVSS3: 2
github
23 дня назад
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
EPSS
Процентиль: 1%
0.00009
Низкий
2 Low
CVSS3
Дефекты
CWE-532