Strix
26.1K

CVE-2021-43783

HIGHCVSS 8.5/10EPSS 1.21%

Last modified

CVE-2021-43783 is a high-severity vulnerability rated 8.5/10 on the CVSS scale. @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.

Metrics

CVSS 3.1
8.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

EPSS Probability
1.21%

64.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LinuxfoundationBackstage< 0.15.14

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2021-43783?
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.
How severe is CVE-2021-43783?
CVE-2021-43783 has a CVSS score of 8.5/10 (HIGH severity). The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.
How do I fix CVE-2021-43783?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-43783?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST