Plugin Catalog Unprocessed Entities Common
Approved changes feed: RSS · Atom
cpe:2.3:a:@backstage:plugin-catalog-unprocessed-entities-common:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | @Backstage (5ceb9f58-6325-5869-8c10-7ca92d58d4c7) |
|---|---|
| Product | Plugin Catalog Unprocessed Entities Common (1328b9a5-242c-56a5-af51-71c6114fe797) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44374 |
vulnerable | 2026-06-03 15:25:03.092847 |
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
MEDIUM (4.3)
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30.
Published: 2026-05-14T14:30:04.945Z
Updated: 2026-05-14T19:51:53.801Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.