The templating library used by the scaffolder backend assumes that templates are trusted which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution.
Impact
A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template yaml definition itself and not by user input data.
Patches
This is vulnerability is patched in version 0.15.14 of @backstage/plugin-scaffolder-backend.
For more information
If you have any questions or comments about this advisory:
References
The templating library used by the scaffolder backend assumes that templates are trusted which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution.
Impact
A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template yaml definition itself and not by user input data.
Patches
This is vulnerability is patched in version
0.15.14of@backstage/plugin-scaffolder-backend.For more information
If you have any questions or comments about this advisory:
References