
Oxeye to Announce New Vulnerability in Spotify’s Backstage with CVSS Score of 9.8/10

November 2022 by Oxeye research

On Tuesday, November 15th, Oxeye’s Security Research Team will announce the discovery of a new vulnerability in Spotify’s Backstage.

Backstage is a development environment that unifies all infrastructure tooling, services, and documentation. With more than 19,000 stars on GitHub, it is one of the most popular open-source platforms for building developer portals and is in widespread use by Spotify, American Airlines, Netflix, Splunk, Fidelity Investments, Epic Games, Palo Alto Networks and many others.

Exploiting a vm2 sandbox escape in the Scaffolder core plugin gives threat actors the ability to execute arbitrary system commands on a Backstage application. It is critical that this vulnerability is addressed without delay.
