Vulnerabilidades em @backstage

4 resultados

CVE-2026-32236LOW@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetchEPSS 0.3%CVE-2026-32237MEDIUM@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpointEPSS 0.2%CVE-2026-44374MEDIUMBackstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checksEPSS 0.2%CVE-2026-32235MEDIUM@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypassEPSS 0.1%