TechDocs mkdocs.yml path traversal
CVE-2021-32662

6.5MEDIUM

Key Information:

Vendor

Backstage

Status
Backstage
Vendor
CVE Published:
3 June 2021

What is CVE-2021-32662?

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the mkdocs.yml in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the 0.6.3 release of @backstage/techdocs-common.

Affected Version(s)

backstage < 0.6.3

References

https://github.com/backstage/backstage/security/advisorie...
x_refsource_CONFIRM
https://github.com/backstage/backstage/commit/8cefadca04c...
x_refsource_MISC
https://github.com/backstage/backstage/releases/tag/relea...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.