Vulnerability Description
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xbifrost | Bifrost | < 1.8.7 |
Related Weaknesses (CWE)
References
- https://github.com/brokercap/Bifrost/issues/200ExploitIssue TrackingThird Party Advisory
- https://github.com/brokercap/Bifrost/releases/tag/v1.8.7-releaseRelease NotesThird Party Advisory
- https://github.com/brokercap/Bifrost/security/advisories/GHSA-p6fh-xc6r-g5hwThird Party Advisory
- https://github.com/brokercap/Bifrost/issues/200ExploitIssue TrackingThird Party Advisory
- https://github.com/brokercap/Bifrost/releases/tag/v1.8.7-releaseRelease NotesThird Party Advisory
- https://github.com/brokercap/Bifrost/security/advisories/GHSA-p6fh-xc6r-g5hwThird Party Advisory
FAQ
What is CVE-2022-39219?
CVE-2022-39219 is a vulnerability with a CVSS score of 8.5 (HIGH). Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP ba...
How severe is CVE-2022-39219?
CVE-2022-39219 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39219?
Check the references section above for vendor advisories and patch information. Affected products include: Xbifrost Bifrost.