Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass
Vulnerability Description
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Backstage 日志信息泄露漏洞
Vulnerability Description
Backstage是Backstage开源的一个应用软件。后台是一个开放的平台,用于构建开发者门户。 Backstage 3.1.4之前版本存在日志信息泄露漏洞,该漏洞源于恶意脚手架模板可绕过日志编辑机制,可能导致通过任务事件日志泄露秘密。
CVSS Information
N/A
Vulnerability Type
N/A