CVE-2024-46976

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 17, 2024
Updated: Sep 20, 2024
CWE ID 693

Summary

CVE-2024-46976 is a vulnerability in the @backstage/plugin-techdocs-backend package that allows an attacker who can control the contents of the TechDocs storage buckets to inject executable scripts into TechDocs content. It is rated medium severity with a CVSS base score of 6.5; exploitation requires low privileges and user interaction. Organizations are advised to remediate the vulnerability by upgrading to version 1.10.13, as there are no known workarounds. The risk is unauthorized script execution in users' browsers, which could lead to further exploitation or data compromise. Affected products encompass various Backstage implementations identified by specific product codes listed in the advisory.
