Description

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.

Remediation

References

https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49

https://github.com/backstage/backstage/tree/master/plugins/auth-backend

Related Vulnerabilities

CVE-2023-24162 Vulnerability in maven package cn.hutool:hutool-all

CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-server-base

CVE-2021-21379 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-wikimacro-store

CVE-2018-1000665 Vulnerability in maven package org.webjars.bower:dojo

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-jasper

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Product NVD-CWE-noinfo