What is CVE-2023-25571?

CVE-2023-25571 is a medium-severity vulnerability in Backstage, classified under CWE-84. CVSS score: 6.8/10. Published 2023-02-14.

How severe is CVE-2023-25571?

Medium severity. CVSS v3 base score is 6.8 out of 10.

XSS in Backstage

CVE-2023-25571

Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-s…

EPSS: 0.007 (72.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N.

Affected products

Backstage — versions < 1.2.0, < 0.12.4, < 1.7.2

Weakness classification (CWE)

References

https://github.com/backstage/backstage/security/advisories/GHSA-7hv8-3fr9-j2hv (x_refsource_CONFIRM)
https://github.com/backstage/backstage/commit/3d1371954512f7fa8bd0e2d357e00eada2c3e8a8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-25571?: CVE-2023-25571 is a medium-severity vulnerability in Backstage, classified under CWE-84. CVSS score: 6.8/10. Published 2023-02-14.
How severe is CVE-2023-25571?: Medium severity. CVSS v3 base score is 6.8 out of 10.