CVE-2022-39219
Severity: HIGH
Bifrost < 1.8.7-release - Authentication Bypass via HTTP Basic Authentication
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who have only read permissions to issue write requests that they are normally forbidden from making. Version 1.8.7-release contains a patch. There are currently no known workarounds.
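The description above states the effect (a read-only group member can perform writes over HTTP Basic auth) but not the root cause; for that, see the GHSA advisory and issue #200 linked below. The block that follows is an added, generic illustration of the bug class written for this page: it is not Bifrost's code and does not reproduce Bifrost's actual defect. It shows a Go middleware that authenticates Basic credentials but never authorises the request against the account's role, beside a corrected version that refuses mutating methods for read-only accounts, and a `probe` helper that drives both through `httptest` so the difference is observable offline. The user table, the `vulnerableAuth`, `hardenedAuth`, `isWrite` and `probe` names, the `/config` path and the credentials are all constructed assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// user is a constructed in-memory account record (illustrative only).
// A real service would store a password hash, not the plaintext.
type user struct {
	password string
	readOnly bool
}

// users is a constructed sample table; nothing here comes from Bifrost.
var users = map[string]user{
	"admin":  {password: "adminpw", readOnly: false},
	"viewer": {password: "viewerpw", readOnly: true},
}

// isWrite reports whether the request mutates state (hypothetical helper).
func isWrite(r *http.Request) bool {
	switch r.Method {
	case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
		return true
	}
	return false
}

// authenticate checks HTTP Basic credentials and returns the matching
// account. Shared by both middlewares so only the authorisation step differs.
func authenticate(r *http.Request) (user, bool) {
	name, pw, ok := r.BasicAuth()
	u, found := users[name]
	if !ok || !found {
		return user{}, false
	}
	// Constant-time comparison avoids leaking the password via timing.
	if subtle.ConstantTimeCompare([]byte(u.password), []byte(pw)) != 1 {
		return user{}, false
	}
	return u, true
}

// vulnerableAuth authenticates and then forwards every request, so a
// read-only account can issue POST/PUT/DELETE just like an admin.
func vulnerableAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := authenticate(r); !ok {
			w.Header().Set("WWW-Authenticate", `Basic realm="demo"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r) // no per-request authorisation
	})
}

// hardenedAuth does the same authentication, then authorises the request:
// read-only accounts are refused on mutating methods with 403.
func hardenedAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, ok := authenticate(r)
		if !ok {
			w.Header().Set("WWW-Authenticate", `Basic realm="demo"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if u.readOnly && isWrite(r) {
			http.Error(w, "forbidden: read-only account", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request with Basic credentials through a middleware and
// returns the resulting HTTP status code.
func probe(mw func(http.Handler) http.Handler, method, name, pw string) int {
	h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, "/config", nil)
	req.SetBasicAuth(name, pw)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, viewer POST:", probe(vulnerableAuth, http.MethodPost, "viewer", "viewerpw"))
	fmt.Println("hardened,   viewer POST:", probe(hardenedAuth, http.MethodPost, "viewer", "viewerpw"))
	fmt.Println("hardened,   viewer GET: ", probe(hardenedAuth, http.MethodGet, "viewer", "viewerpw"))
}
```

The point of the pair is that a valid password answers only "who is this?"; the write/read decision has to be taken again on every request from the account's role, and a quick regression check is exactly the `viewer` POST that must return 403 rather than 200.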
References (3)
Third Party Advisory x_refsource_confirm
https://github.com/brokercap/Bifrost/security/advisories/GHSA-p6fh-xc6r-g5hw
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/brokercap/Bifrost/issues/200
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/brokercap/Bifrost/releases/tag/v1.8.7-release
Scores
CVSS v3
8.5
EPSS
0.0089
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (2)
brokercap/Bifrost
0 - 1.8.7-release (Go)
xbifrost/bifrost
< 1.8.7
Published
Sep 26, 2022
Tracked Since
Feb 18, 2026