Backstage up to 0.4.11/0.5.0/0.6.0 server-side request forgery

Summaryinfo

A vulnerability was found in Backstage up to 0.4.11/0.5.0/0.6.0. It has been classified as critical. Impacted is an unknown function. The manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2024-53983. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Backstage up to 0.4.11/0.5.0/0.6.0. This issue affects an unknown code block. The manipulation with an unknown input leads to a server-side request forgery vulnerability. Using CWE to declare the problem leads to CWE-918. The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Impacted is confidentiality. The summary by CVE is:

The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these tokens, unauthorized access to sensitive resources in git can be achieved. The impact is considered medium severity as the Backstage Threat Model recommends restricting access to adding and editing templates in the Backstage Catalog plugin. The issue has been resolved in versions `v0.4.12`, `v0.5.1` and `v0.6.1` of the `@backstage/plugin-scaffolder-node` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. Users are advised to upgrade. Users unable to upgrade may ensure that templates do not change git config.

The advisory is shared at github.com. The identification of this vulnerability is CVE-2024-53983 since 11/26/2024. The exploitation is known to be difficult. The attack may be initiated remotely. The exploitation requires an enhanced level of successful authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 0.4.12 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• Backstage

Version

• 0.1
• 0.2
• 0.3
• 0.4
• 0.4.0
• 0.4.1
• 0.4.2
• 0.4.3
• 0.4.4
• 0.4.5
• 0.4.6
• 0.4.7
• 0.4.8
• 0.4.9
• 0.4.10
• 0.4.11
• 0.5
• 0.5.0
• 0.6.0

Website

• Product: https://github.com/backstage/backstage/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion