High severity · NVD Advisory · Published Oct 19, 2022 · Updated Apr 23, 2025
Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups
CVE-2022-39267
Description
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/brokercap/Bifrost (Go) | < 1.8.7-release | 1.8.7-release |
Affected products (2)
- brokercap/Bifrost v5 Range: < 1.8.8-release
References (5)
- github.com/advisories/GHSA-mxrx-fg8p-5p5j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-39267 (ghsa, ADVISORY)
- github.com/brockercap/Bifrost/pull/201 (ghsa, WEB)
- github.com/brokercap/Bifrost/commit/63da5c8eb7eb21639ea7ac199fe10b5e07b03a8a (ghsa, WEB)
- github.com/brokercap/Bifrost/security/advisories/GHSA-mxrx-fg8p-5p5j (ghsa, WEB)