CVE-2024-45815 – Prototype pollution in @backstage/plugin-catalog-backend
https://notcve.org/view.php?id=CVE-2024-45815
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-45816 – Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend
https://notcve.org/view.php?id=CVE-2024-45816
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. • https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g • CWE-23: Relative Path Traversal •
CVE-2024-46976 – Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend
https://notcve.org/view.php?id=CVE-2024-46976
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685 • CWE-693: Protection Mechanism Failure •
CVE-2024-26150 – `@backstage/backend-common` vulnerable to path traversal through symlinks
https://notcve.org/view.php?id=CVE-2024-26150
`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10. `@backstage/backend-common` es una librería de funcionalidad común para backends de Backstage, una plataforma abierta para crear portales de desarrolladores. En `@backstage/backend-common` anterior a las versiones 0.21.1, 0.20.2 y 0.19.10, las comprobaciones de rutas con la utilidad `resolveSafeChildPath` no eran lo suficientemente exhaustivas, lo que generaba riesgo de vulnerabilidades de path traversal si se podían inyectar enlaces simbólicos. por los atacantes. • https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717 https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871 https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-6944 – Rhdh: catalog-import function leaks credentials to frontend
https://notcve.org/view.php?id=CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. Se encontró una falla en Red Hat Developer Hub (RHDH). • https://access.redhat.com/security/cve/CVE-2023-6944 https://bugzilla.redhat.com/show_bug.cgi?id=2255204 • CWE-209: Generation of Error Message Containing Sensitive Information •