CVE-2021-32662

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32662
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32662.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32662
Aliases
Related
Published
2021-06-03T22:15:07Z
Modified
2025-01-15T02:29:20.147640Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the mkdocs.yml in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the 0.6.3 release of @backstage/techdocs-common.

References

Affected packages

Git / github.com/backstage/backstage

Affected ranges

Type
GIT
Repo
https://github.com/backstage/backstage
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

cli-old-cache-watch
hackweek-demo
release-2021-01-07
release-2021-01-08
release-2021-01-09
release-2021-01-14
release-2021-01-18
release-2021-01-20
release-2021-01-21
release-2021-01-28
release-2021-01-29
release-2021-02-01
release-2021-02-03
release-2021-02-05
release-2021-02-11
release-2021-02-16
release-2021-02-18
release-2021-02-23
release-2021-03-04
release-2021-03-09
release-2021-03-11
release-2021-03-16
release-2021-03-17
release-2021-03-18
release-2021-03-19
release-2021-03-25
release-2021-03-31
release-2021-04-08
release-2021-04-13
release-2021-04-15
release-2021-04-21
release-2021-04-22
release-2021-04-29
release-2021-05-04
release-2021-05-06
release-2021-05-10
release-2021-05-11
release-2021-05-12
release-2021-05-17
release-2021-1-7

release-2021-01-14.*

release-2021-01-14.1

release-2021-01-21.*

release-2021-01-21.1

release-2021-03-11.*

release-2021-03-11.1

release-2021-03-31.*

release-2021-03-31.1

release-2021-04-22.*

release-2021-04-22.1

release-2021-05-12.*

release-2021-05-12.1

v0.*

v0.1.0
v0.1.1
v0.1.1-alpha.0
v0.1.1-alpha.1
v0.1.1-alpha.10
v0.1.1-alpha.11
v0.1.1-alpha.12
v0.1.1-alpha.13
v0.1.1-alpha.15
v0.1.1-alpha.16
v0.1.1-alpha.17
v0.1.1-alpha.18
v0.1.1-alpha.19
v0.1.1-alpha.2
v0.1.1-alpha.20
v0.1.1-alpha.21
v0.1.1-alpha.22
v0.1.1-alpha.23
v0.1.1-alpha.24
v0.1.1-alpha.25
v0.1.1-alpha.26
v0.1.1-alpha.3
v0.1.1-alpha.4
v0.1.1-alpha.5
v0.1.1-alpha.6
v0.1.1-alpha.7
v0.1.1-alpha.8
v0.1.1-alpha.9
v0.10.0
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.13.0
v0.13.1
v0.14.0
v0.15.0
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.22.0
v0.22.1
v0.22.2
v0.23.0
v0.24.0
v0.24.1
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.26.0
v0.26.1
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.9.0