Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-q2x5-4xjx-c6p9: Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Impact

The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control.

This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers.

Patches

This vulnerability is fixed in @backstage/backend-defaults version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later.

Workarounds

  • Restrict backend.reading.allow to only trusted hosts that you control and that do not issue redirects
  • Ensure allowed hosts do not have open redirect vulnerabilities
  • Use network-level controls to block access from Backstage to sensitive internal endpoints

References

ghsa
Open in Source
#vulnerability#ssrf

Impact

The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control.

This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers.

Patches

This vulnerability is fixed in @backstage/backend-defaults version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later.

Workarounds

  • Restrict backend.reading.allow to only trusted hosts that you control and that do not issue redirects
  • Ensure allowed hosts do not have open redirect vulnerabilities
  • Use network-level controls to block access from Backstage to sensitive internal endpoints

References

  • OWASP SSRF Prevention Cheat Sheet

References

  • GHSA-q2x5-4xjx-c6p9
  • backstage/backstage@27f9061

ghsa: Latest News

GHSA-pchf-49fh-w34r: Soft Serve Affected by an Authentication Bypass
ghsa