Backstage Plugin Scaffolder Backend
CVE-2026-29184
LOW
Severity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.
AnalysisAI
Backstage is an open framework for building developer portals. versions up to 3.1.4 is affected by insertion of sensitive information into log file (CVSS 2.0).
Technical ContextAI
This vulnerability (CWE-532: Insertion of Sensitive Information into Log File) affects Backstage is an open framework for building developer portals.. Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.
RemediationAI
Fixed in version 3.1.4.. Restrict network access to the affected service where possible.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-8qp7-fhr9-fw53