From 5ab5d6723ba4e549b448c5ebf97d69105759ea6b Mon Sep 17 00:00:00 2001 From: "Shelby J. Cunningham" Date: Thu, 3 Jun 2021 12:52:29 -0400 Subject: [PATCH] Add CVE-2021-32660 for GHSA-pwhf-39xg-4rxw --- 2021/32xxx/CVE-2021-32660.json | 87 +++++++++++++++++++++++++++++++--- 1 file changed, 81 insertions(+), 6 deletions(-) diff --git a/2021/32xxx/CVE-2021-32660.json b/2021/32xxx/CVE-2021-32660.json index e297c62d315..a8d5ed653ba 100644 --- a/2021/32xxx/CVE-2021-32660.json +++ b/2021/32xxx/CVE-2021-32660.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "TechDocs content sanitization bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "backstage", + "version": { + "version_data": [ + { + "version_value": "< 0.6.4" + } + ] + } + } + ] + }, + "vendor_name": "backstage" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.6.4` release of `@backstage/techdocs-common`." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/backstage/backstage/security/advisories/GHSA-pwhf-39xg-4rxw", + "refsource": "CONFIRM", + "url": "https://github.com/backstage/backstage/security/advisories/GHSA-pwhf-39xg-4rxw" + }, + { + "name": "https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c", + "refsource": "MISC", + "url": "https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c" + }, + { + "name": "https://github.com/backstage/backstage/releases/tag/release-2021-06-03", + "refsource": "MISC", + "url": "https://github.com/backstage/backstage/releases/tag/release-2021-06-03" + } + ] + }, + "source": { + "advisory": "GHSA-pwhf-39xg-4rxw", + "discovery": "UNKNOWN" } } \ No newline at end of file