What is the severity of CVE-2024-45816?

CVE-2024-45816 has been classified as a high-severity vulnerability due to the potential for unauthorized access to sensitive content in cloud storage buckets.

How do I fix CVE-2024-45816?

To fix CVE-2024-45816, upgrade the version of @backstage/plugin-techdocs-backend to 1.10.13 or later.

What systems are affected by CVE-2024-45816?

CVE-2024-45816 affects versions of the Backstage framework prior to 1.10.13, specifically those using AWS S3 or Google Cloud Storage providers.

What are the risks associated with CVE-2024-45816?

The risks of CVE-2024-45816 include leaking unintended content from storage buckets and bypassing permission checks within Backstage.

Is there a workaround for CVE-2024-45816?

There is no documented workaround for CVE-2024-45816; upgrading to the patched version is recommended to mitigate the vulnerability.

Vulnerability/
CVE-2024-45816

high

7.7

CWE

23 22

17/9/2024

3/1/2025

CVE-2024-45816: Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

First published: Tue Sep 17 2024(Updated: )

### Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. ### Patches This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage) Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
npm/@backstage/plugin-techdocs-backend	<1.10.13	1.10.13
Backstage	<1.10.13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45816?
CVE-2024-45816 has been classified as a high-severity vulnerability due to the potential for unauthorized access to sensitive content in cloud storage buckets.
How do I fix CVE-2024-45816?
To fix CVE-2024-45816, upgrade the version of @backstage/plugin-techdocs-backend to 1.10.13 or later.
What systems are affected by CVE-2024-45816?
CVE-2024-45816 affects versions of the Backstage framework prior to 1.10.13, specifically those using AWS S3 or Google Cloud Storage providers.
What are the risks associated with CVE-2024-45816?
The risks of CVE-2024-45816 include leaking unintended content from storage buckets and bypassing permission checks within Backstage.
Is there a workaround for CVE-2024-45816?
There is no documented workaround for CVE-2024-45816; upgrading to the patched version is recommended to mitigate the vulnerability.

agent/title
agent/first-publish-date
agent/type
agent/description
agent/event
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/weakness
agent/trending
collector/github-advisory-latest
source/GitHub
alias/GHSA-39v3-f278-vj3g
alias/CVE-2024-45816
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/softwarecombine
collector/github-advisory
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/npm
vendor/linuxfoundation
canonical/backstage

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.