Backstage plugin-techdocs-backend allows full S3/GCS bucket read before 1.10.13
CVE-2024-45816 Published on September 17, 2024

Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Github Repository NVD

Vulnerability Analysis

CVE-2024-45816 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.


Products Associated with CVE-2024-45816

stack.watch emails you whenever new vulnerabilities are published in Backstage or Linux Foundation Backstage. Just hit a watch button to start following.

Backstage
 
Linux Foundation Backstage
 

Affected Versions

backstage Version < 1.10.13 is affected by CVE-2024-45816

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-45816

Package Manager Vulnerable Package Versions Fixed In
npm @backstage/plugin-techdocs-backend < 1.10.13 1.10.13

Exploit Probability

EPSS
0.21%
Percentile
42.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.