Insecure sandbox in Backstage Scaffolder plugin
CVE-2023-35926

8.1HIGH

Key Information:

Vendor

Backstage

Status
Backstage
Vendor
CVE Published:
22 June 2023

What is CVE-2023-35926?

The Backstage scaffolder-backend plugin leverages a templating library susceptible to code injection, allowing malicious users with write access to modify scaffolder templates. This manipulation can lead to remote code execution on the scaffolder-backend instance. Notably, the exploit is confined to the template's YAML definition and does not originate from user input. To mitigate this risk, the plugin has transitioned from the vm2 sandbox library to a more secure alternative. Version 1.15.0 of @backstage/plugin-scaffolder-backend addresses this vulnerability.

Affected Version(s)

backstage < 1.15.0

References

https://github.com/backstage/backstage/security/advisorie...
x_refsource_CONFIRM
https://github.com/backstage/backstage/commit/fb7375507d5...
x_refsource_MISC
https://github.com/backstage/backstage/releases/tag/v1.15.0
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.