Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
Vulnerability Description
Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default. This vulnerability is fixed in 0.27.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Backstage 输入验证错误漏洞
Vulnerability Description
Backstage是Backstage开源的一个应用软件。后台是一个开放的平台,用于构建开发者门户。 Backstage 0.27.1之前版本存在输入验证错误漏洞,该漏洞源于实验性OIDC提供程序存在重定向URI允许列表绕过,可能导致授权码泄露给攻击者。
CVSS Information
N/A
Vulnerability Type
N/A