{ "id": "CVE-2021-43776", "sourceIdentifier": "security-advisories@github.com", "published": "2021-11-26T19:15:07.843", "lastModified": "2021-11-30T19:11:15.190", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`." }, { "lang": "es", "value": "Backstage es una plataforma abierta para construir portales para desarrolladores. En las versiones afectadas, el plugin auth-backend permite a un actor malicioso enga\u00f1ar a otro usuario para que visite una URL vulnerable que ejecute un ataque de tipo XSS. Este ataque puede permitir al atacante exfiltrar tokens de acceso u otros secretos del navegador del usuario. El CSP por defecto previene este ataque, pero se espera que algunas implementaciones tengan estas pol\u00edticas deshabilitadas debido a incompatibilidades. 
Esta vulnerabilidad est\u00e1 parcheada en la versi\u00f3n \"0.4.9\" de \"@backstage/plugin-auth-backend\"" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 }, { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 4.0 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:linuxfoundation:auth_backend:*:*:*:*:*:node.js:*:*", 
"versionEndExcluding": "0.4.9", "matchCriteriaId": "EA11F10B-7813-47DA-B372-97EDB9DE488A" } ] } ] } ], "references": [ { "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49", "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend", "source": "security-advisories@github.com", "tags": [ "Product", "Third Party Advisory" ] } ] }