CVE-2021-32662 TechDocs mkdocs.yml path traversal

2021-06-0322:00:12

CWE-22

GitHub_M

www.cve.org

cve-2021-32662; techdocs; mkdocs.yml; path traversal; backstage; techdocs-common; vulnerability; api; documentation; source code; mitigation; patch; 0.6.3

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.4%

JSON

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage’s TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the mkdocs.yml in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the 0.6.3 release of @backstage/techdocs-common.

CNA Affected

[
  {
    "product": "backstage",
    "vendor": "backstage",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.6.3"
      }
    ]
  }
]