{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T02:28:01.809","vulnerabilities":[{"cve":{"id":"CVE-2025-55285","sourceIdentifier":"security-advisories@github.com","published":"2025-08-15T18:15:27.943","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template."},{"lang":"es","value":"@backstage/plugin-scaffolder-backend es el backend para las plantillas predeterminadas del software Backstage. Antes de la versión 2.1.1, el registro duplicado de los valores de entrada en la acción fetch:template del Scaffolder provocaba que algunos secretos no se redactaran correctamente. Si ${{ secrets.x }} no se pasa a fetch:template, no hay impacto. Este problema se ha resuelto en la versión 2.1.1 del complemento scaffolder-backend. Una solución alternativa consiste en que los autores de plantillas eliminen el uso de ${{ secrets }} como argumento para fetch:template."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/backstage/backstage/commit/c371f6fe12371de31dca537510e6653e287cdc2e","source":"security-advisories@github.com"},{"url":"https://github.com/backstage/backstage/security/advisories/GHSA-3x3q-ghcp-whf7","source":"security-advisories@github.com"}]}}]}