cbcvebase.
CVE-2023-35926
published 2023-06-22

CVE-2023-35926: Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by…

PriorityP266critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
1.89%
76.9th percentile
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`.

Affected

3 ranges
VendorProductVersion rangeFixed in
backstagebackstage< 1.15.01.15.0
backstageplugin-scaffolder-backend>= 0 < 1.15.01.15.0
linuxfoundationbackstage< 1.15.01.15.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.