CVE-2024-45816

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13

Description: The issue is related to the Backstage platform, an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket, potentially leaking contents not intended to be accessible and bypassing permission checks in Backstage.

Recommendations: For versions prior to 1.10.13, upgrade to the 1.10.13 release of the @backstage/plugin-techdocs-backend package to fix the issue. As a temporary workaround, consider restricting access to the TechDocs storage bucket to minimize the risk of exploitation. Avoid using the AWS S3 or GCS storage provider for TechDocs until the issue is resolved by upgrading to the fixed version.