What is CVE-2024-47762?

CVE-2024-47762 is a medium-severity vulnerability in Backstage, classified under Expected Behavior Violation. CVSS score: 5.8/10. Published 2024-10-03.

How severe is CVE-2024-47762?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Backstage

CVE-2024-47762

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in config…

EPSS: 0.002 (40.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N.

Affected products

Backstage — versions < 0.3.75

Weakness classification (CWE)

CWE-440 — Expected Behavior Violation

References

https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc (x_refsource_CONFIRM)
https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47762?: CVE-2024-47762 is a medium-severity vulnerability in Backstage, classified under Expected Behavior Violation. CVSS score: 5.8/10. Published 2024-10-03.
How severe is CVE-2024-47762?: Medium severity. CVSS v3 base score is 5.8 out of 10.