CVE-2021-43783

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Nov 29, 2021

Updated: Jan 3, 2025

CWE ID 22

Summary

CVE-2021-43783 is a vulnerability affecting the backend of Backstage software templates, specifically @backstage/plugin-scaffolder-backend. Malicious actors with write access to registered templates can manipulate them to write files to arbitrary paths on the scaffolder-backend host instance. In some cases, this vulnerability can also be exploited through user input when executing templates, without requiring write access. The attacker cannot control the contents of the injected file unless the template is crafted in a specific way. Version 0.15.14 of @backstage/plugin-scaffolder-backend addresses this issue. Access restrictions and required reviews when registering or modifying scaffolder templates mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linuxfoundation Backstage

Affected Vendors

Linux Foundation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners