Vulnerability CVE-2021-32662


Published: 2021-06-03   Modified: 2021-06-04

Description:
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Backstage -> Backstage 

 References:
https://github.com/backstage/backstage/commit/8cefadca04cbf01d0394b0cb1983247e5f1d6208
https://github.com/backstage/backstage/releases/tag/release-2021-05-27
https://github.com/backstage/backstage/security/advisories/GHSA-pgf8-28gg-vpr6

Copyright 2024, cxsecurity.com

 

Back to Top