CVE-2023-35926
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| backstage | backstage | < 1.15.0 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr
- https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a
- https://github.com/backstage/backstage/releases/tag/v1.15.0
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr
- https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a
- https://github.com/backstage/backstage/releases/tag/v1.15.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.