Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/brockercap/Bifrost/pull/201 | Broken Link |
https://github.com/brokercap/Bifrost/security/advisories/GHSA-mxrx-fg8p-5p5j | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-10-19T00:00:00
Updated: 2022-10-19T00:00:00
Reserved: 2022-09-02T00:00:00
Link: CVE-2022-39267
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-19T13:15:08.753
Modified: 2022-10-20T19:28:06.650
Link: CVE-2022-39267
JSON object: View
Redhat Information
No data.
CWE