High severity · NVD Advisory · Published Sep 26, 2022 · Updated Apr 22, 2025
Bifrost users using basic authentication can bypass write permission limit
CVE-2022-39219
Description
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to make write requests that they are normally forbidden from making. Version 1.8.7-release contains a patch. There are currently no known workarounds.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/brokercap/Bifrost (Go) | < 1.8.7-release | 1.8.7-release |
Affected products
- brokercap/Bifrost (range: < 1.8.7-release)
References
- github.com/advisories/GHSA-p6fh-xc6r-g5hw
- nvd.nist.gov/vuln/detail/CVE-2022-39219
- github.com/brokercap/Bifrost/issues/200
- github.com/brokercap/Bifrost/releases/tag/v1.8.7-release
- github.com/brokercap/Bifrost/security/advisories/GHSA-p6fh-xc6r-g5hw