CVE-2022-39267

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39267
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39267.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-39267
Aliases
Related
Published
2022-10-19T13:15:08Z
Modified
2025-01-08T09:03:59.528586Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Bifrost is a heterogeneous middleware that synchronizes MySQL and MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to an authentication bypass in the admin and monitor user groups: deleting the X-Requested-With: XMLHttpRequest field from the request header bypasses authentication. This issue has been patched in 1.8.8-release. There are no known workarounds.

References

Affected packages

Git / github.com/brokercap/bifrost

Affected ranges

Type
GIT
Repo
https://github.com/brokercap/bifrost
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

MySQL_Filed_DataCheck_v0.*

MySQL_Filed_DataCheck_v0.1.0
MySQL_Filed_DataCheck_v0.1.1

Other

v1

v1.*

v1.0.0-release
v1.0.1-release
v1.0.2-release
v1.0.3-release
v1.0.4-release
v1.1.0
v1.1.0-beta.07-04
v1.1.0-beta.08
v1.1.0-beta.09
v1.1.0-beta.10
v1.1.0-beta.11
v1.1.0-beta.12
v1.1.0-beta.13
v1.1.0-beta.14
v1.1.0-beta.15
v1.1.0-beta.16
v1.1.0-beta.16.apha01
v1.1.0-beta.17
v1.1.0-beta.18
v1.1.0-beta.19
v1.1.0-beta.20
v1.1.0-beta.21
v1.1.0-release
v1.1.1-release
v1.2.0-rc.01
v1.2.1-rc.01
v1.2.1-release
v1.2.2
v1.2.2-release
v1.2.3-release
v1.2.4-release
v1.2.x-beta.01
v1.3.0-release
v1.3.1-release
v1.3.2-release
v1.4.0-release
v1.4.1-release
v1.4.2-release
v1.4.3-release
v1.4.4-release
v1.4.5-release
v1.5.0-beta.01
v1.5.0-release
v1.5.1-release
v1.5.2-release
v1.6.0-beta.01
v1.6.0-beta.02
v1.6.0-beta.04
v1.6.0-release
v1.6.1-release
v1.6.2-release
v1.6.3-release
v1.6.4-release
v1.6.5-release
v1.6.6-release
v1.7.0-rc.01
v1.7.1-release
v1.7.2-release
v1.7.3-release
v1.7.4-release
v1.8.0-beta.01
v1.8.1-release
v1.8.2-release
v1.8.3-release
v1.8.4-release
v1.8.5-release
v1.8.6-release