CVE-2022-39267
- Source
- https://cve.org/CVERecord?id=CVE-2022-39267
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39267.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-39267
- Aliases
- Published
- 2022-10-19T00:00:00Z
- Modified
- 2025-11-28T04:54:04.162035Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups
- Details
-
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39267.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-287" ] }- References
Affected packages
Git / github.com/brokercap/bifrost
Affected ranges
- Type
- GIT
- Repo
- https://github.com/brokercap/bifrost
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
MySQL_Filed_DataCheck_v0.*
MySQL_Filed_DataCheck_v0.1.0
MySQL_Filed_DataCheck_v0.1.1
Other
lasted
v1
v1.*
v1.0-beta1
v1.0-beta2
v1.0-beta3
v1.0-beta4
v1.0.0-release
v1.0.1-release
v1.0.2-release
v1.0.3-release
v1.0.4-release
v1.1.0
v1.1.0-beta.01
v1.1.0-beta.02
v1.1.0-beta.03
v1.1.0-beta.04
v1.1.0-beta.05
v1.1.0-beta.07-04
v1.1.0-beta.08
v1.1.0-beta.09
v1.1.0-beta.10
v1.1.0-beta.11
v1.1.0-beta.12
v1.1.0-beta.13
v1.1.0-beta.14
v1.1.0-beta.15
v1.1.0-beta.16
v1.1.0-beta.16.apha01
v1.1.0-beta.17
v1.1.0-beta.18
v1.1.0-beta.19
v1.1.0-beta.20
v1.1.0-beta.21
v1.1.0-release
v1.1.1-release
v1.2.0-rc.01
v1.2.1-rc.01
v1.2.1-release
v1.2.2
v1.2.2-release
v1.2.3-release
v1.2.4-release
v1.2.x-beta.01
v1.3.0-release
v1.3.1-release
v1.3.2-release
v1.4.0-release
v1.4.1-release
v1.4.2-release
v1.4.3-release
v1.4.4-release
v1.4.5-release
v1.5.0-beta.01
v1.5.0-release
v1.5.1-release
v1.5.2-release
v1.6.0-beta.01
v1.6.0-beta.02
v1.6.0-beta.04
v1.6.0-release
v1.6.1-release
v1.6.2-release
v1.6.3-release
v1.6.4-release
v1.6.5-release
v1.6.6-release
v1.7.0-rc.01
v1.7.1-release
v1.7.2-release
v1.7.3-release
v1.7.4-release
v1.8.0-beta.01
v1.8.1-release
v1.8.2-release
v1.8.3-release
v1.8.4-release
v1.8.5-release
v1.8.6-release
v1.8.7-release