CVE-2021-43776 - Vulnerability Details - OpenCVE

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Auth Backend

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:auth_backend:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49
https://github.com/backstage/backstage/tree/master/plugins/auth-backend

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-11-26T18:15:10

Updated: 2024-08-04T04:03:08.688Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43776

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-26T19:15:07.843

Modified: 2024-11-21T06:29:45.807

Link: CVE-2021-43776

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "backstage", "vendor": "backstage", "versions": [{"status": "affected", "version": "< 0.4.9"}]}], "descriptions": [{"lang": "en", "value": "Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-26T18:15:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend"}], "source": {"advisory": "GHSA-w7fj-336r-vw49", "discovery": "UNKNOWN"}, "title": "XSS vulnerability in @backstage/plugin-auth-backend", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43776", "STATE": "PUBLIC", "TITLE": "XSS vulnerability in @backstage/plugin-auth-backend"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "backstage", "version": {"version_data": [{"version_value": "< 0.4.9"}]}}]}, "vendor_name": "backstage"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49", "refsource": "CONFIRM", "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49"}, {"name": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend", "refsource": "MISC", "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend"}]}, "source": {"advisory": "GHSA-w7fj-336r-vw49", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.688Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43776", "datePublished": "2021-11-26T18:15:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.688Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:auth_backend:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "EA11F10B-7813-47DA-B372-97EDB9DE488A", "versionEndExcluding": "0.4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`."}, {"lang": "es", "value": "Backstage es una plataforma abierta para construir portales para desarrolladores. En las versiones afectadas, el plugin auth-backend permite a un actor malicioso enga\u00f1ar a otro usuario para que visite una URL vulnerable que ejecute un ataque de tipo XSS. Este ataque puede permitir al atacante exfiltrar tokens de acceso u otros secretos del navegador del usuario. El CSP por defecto previene este ataque, pero se espera que algunas implementaciones tengan estas pol\u00edticas deshabilitadas debido a incompatibilidades. Esta vulnerabilidad est\u00e1 parcheada en la versi\u00f3n \"0.4.9\" de \"@backstage/plugin-auth-backend\""}], "id": "CVE-2021-43776", "lastModified": "2024-11-21T06:29:45.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-26T19:15:07.843", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/backstage/backstage/tree/master/plugins/auth-backend"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}