Backstage TechDocs Node Plugin Path Traversal Vulnerability

A path traversal vulnerability has been identified in the Backstage TechDocs local generator, specifically in versions of the @backstage/plugin-techdocs-node plugin prior to 1.13.11 and 1.14.0. When Backstage is configured to run the TechDocs generator locally, this vulnerability allows attackers to read arbitrary files from the host filesystem. The issue arises because MkDocs, during the documentation build process, follows symlinks in the docs directory, potentially exposing sensitive file contents in the generated HTML. This embedded information can be accessed by users viewing the documentation.

Impact

Exploitation of this vulnerability could lead to unauthorized access to arbitrary files on the host filesystem, with the potential for sensitive information disclosure.

Remediation

Users can upgrade to Backstage TechDocs Node Plugin versions 1.14.1 or 1.13.11, where this vulnerability has been patched. Alternatively, users can switch the TechDocs generator execution to Docker by updating the app-config.yaml file, and restrict write access to TechDocs source repositories to trusted users only.