Backstage, an open platform for building developer portals, is affected by a critical vulnerability whose exploitation could have a serious impact on a targeted enterprise, according to cloud-native application security firm Oxeye.
Spotify created Backstage and gave it to the Cloud Native Computing Foundation. It offers a catalog for keeping track of all the user’s software, project-creation templates, and open source plugins that can be used to increase the system’s customizability and functionality. Numerous well-known companies, such as Netflix, American Airlines, Doordash, Palo Alto Networks, HP, Siemens, LinkedIn, and Booz Allen Hamilton, use the platform.
An important security flaw discovered by Oxeye in the well-known sandbox library VM2 earlier this year has an impact on Backstage.