10 matches found

OSV
added 2024/09/17 8:13 p.m. · 2 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 3

CVE
added 2024/09/17 8:12 p.m. · 66 views

CVE-2024-46976

CVE-2024-46976 affects the Backstage framework, specifically the @backstage/plugin-techdocs-backend. The root cause is that attacker-controlled content in the TechDocs storage buckets can inject executable scripts into TechDocs content, which then execute in a victim’s browser when documentation...

CVSS 6.5 · AI score 5.9 · EPSS 0.00185
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/09/17 8:12 p.m. · 1 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00185
Exploits 0 · References 3

Positive Technologies
added 2024/09/16 12:0 a.m. · 2 views

PT-2024-9770 · Unknown · @Backstage/Plugin-Techdocs-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue allows an attacker with control of the TechDocs storage buckets to inject executable scripts in the TechDocs content. These scripts will be executed in the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00185
Exploits 0 · References 11

Positive Technologies
added 2024/09/09 12:0 a.m. · 3 views

PT-2024-9768 · Google +2 · Gcs +2

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue is related to the Backstage platform, an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs, it is...

CVSS 7.7 · AI score 6.7 · EPSS 0.00355
Exploits 0 · References 11

Github Security Blog
added 2022/06/17 1:11 a.m. · 16 views

Path traversal for local publishers in TechDocs backend

Impact: A malicious actor with the ability to register entities in the Software Catalog is able to write files to arbitrary paths on the techdocs backend host instance when techdocs.publisher.type is set to local. This vulnerability is mitigated by the fact that the Software Catalog must be...

AI score 1.1
Exploits 0 · References 3 · Affected Software 2

OSV
added 2022/06/17 1:11 a.m. · 12 views

GHSA-4JQC-JVH2-PXG9 Path traversal for local publishers in TechDocs backend

Impact: A malicious actor with the ability to register entities in the Software Catalog is able to write files to arbitrary paths on the techdocs backend host instance when techdocs.publisher.type is set to local. This vulnerability is mitigated by the fact that the Software Catalog must be...

AI score 7
Exploits 0 · References 3

vulnersOsv
added 2021/06/04 7:9 p.m. · 1 views

@backstage/plugin-catalog (>=0.0.0-nightly-202011242419 <=0.2.9), @backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.7.0) +2 more potentially affected by CVE-2021-32660 via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.5.1)

@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-202011242419, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: CVE-2021-32660 Source advisory: OSV:GHSA-PWHF-39XG-4RXW...

CVSS 8.1 · AI score 7.2 · EPSS 0.00468
Exploits 0

Github Security Blog
added 2021/06/04 7:9 p.m. · 66 views

Path traversal

Impact: A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docsdir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...

CVSS 6.5 · AI score 1.3 · EPSS 0.00484
Exploits 0 · References 5 · Affected Software 1

OSV
added 2021/06/04 7:9 p.m. · 18 views

GHSA-PGF8-28GG-VPR6 Path traversal

Impact: A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docsdir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...

CVSS 6.5 · AI score 6.2 · EPSS 0.00484
Exploits 0 · References 4