CVE-2023-6944 – Rhdh: catalog-import function leaks credentials to frontend
https://notcve.org/view.php?id=CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
• https://access.redhat.com/security/cve/CVE-2023-6944 https://bugzilla.redhat.com/show_bug.cgi?id=2255204
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-35926 – Insecure sandbox in Backstage Scaffolder plugin
https://notcve.org/view.php?id=CVE-2023-35926
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data.
• https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a https://github.com/backstage/backstage/releases/tag/v1.15.0 https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-43783 – Path Traversal in @backstage/plugin-scaffolder-backend
https://notcve.org/view.php?id=CVE-2021-43783
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situations also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file, however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`.
• https://github.com/backstage/backstage/commit/f9352ab606367cd9efc6ff048915c70ed3013b7f https://github.com/backstage/backstage/security/advisories/GHSA-mg3m-f475-28hv
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-32662 – TechDocs mkdocs.yml path traversal
https://notcve.org/view.php?id=CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
• https://github.com/backstage/backstage/commit/8cefadca04cbf01d0394b0cb1983247e5f1d6208 https://github.com/backstage/backstage/releases/tag/release-2021-05-27 https://github.com/backstage/backstage/security/advisories/GHSA-pgf8-28gg-vpr6
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')