CVE-2024-45816

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:backstage:backstage:*:*:*:*:*:*:*:*

History

23 Sep 2024, 18:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:backstage:backstage::::::::
CWE		CWE-22
First Time		Backstage backstage Backstage
References	~~() https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g -~~	() https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g - Third Party Advisory

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Backstage es un framework abierto para crear portales para desarrolladores. Al utilizar el proveedor de almacenamiento AWS S3 o GCS para TechDocs, es posible acceder al contenido de todo el depósito de almacenamiento. Esto puede filtrar contenido del depósito al que no se pretende acceder, así como eludir las comprobaciones de permisos en Backstage. Esto se ha solucionado en la versión 1.10.13 del paquete `@backstage/plugin-techdocs-backend`. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad.

17 Sep 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-17 21:15

Updated : 2024-09-23 18:41

NVD link : CVE-2024-45816

Mitre link : CVE-2024-45816

CVE.ORG link : CVE-2024-45816

JSON object : View

Products Affected

backstage

backstage

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal

{"id": "CVE-2024-45816", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-09-17T21:15:12.553", "references": [{"url": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Backstage es un framework abierto para crear portales para desarrolladores. Al utilizar el proveedor de almacenamiento AWS S3 o GCS para TechDocs, es posible acceder al contenido de todo el dep\u00f3sito de almacenamiento. Esto puede filtrar contenido del dep\u00f3sito al que no se pretende acceder, as\u00ed como eludir las comprobaciones de permisos en Backstage. Esto se ha solucionado en la versi\u00f3n 1.10.13 del paquete `@backstage/plugin-techdocs-backend`. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}], "lastModified": "2024-09-23T18:41:15.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backstage:backstage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01C86A92-FB6D-41F3-9B29-C01FD30A3C53", "versionEndExcluding": "1.10.13"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}