Description
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.
Remediation
References
https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49
https://github.com/backstage/backstage/tree/master/plugins/auth-backend
Related Vulnerabilities
CVE-2020-2264 Vulnerability in maven package org.jenkins-ci.plugins:custom-job-icon
CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid
CVE-2018-1000180 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2020-17527 Vulnerability in maven package org.apache.tomcat:tomcat-coyote