Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-55285
Awaiting Analysis
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-15 Aug, 2025 | 18:15
Updated At-18 Aug, 2025 | 20:16

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.6LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-532Primarysecurity-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/backstage/backstage/commit/c371f6fe12371de31dca537510e6653e287cdc2esecurity-advisories@github.com
N/A
https://github.com/backstage/backstage/security/advisories/GHSA-3x3q-ghcp-whf7security-advisories@github.com
N/A
Change History
0Changes found
Details not found