CVE-2022-39219

2022-09-2614:15:10

Google

osv.dev

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

0.001 Low

EPSS

Percentile

26.8%

JSON

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

CPENameOperatorVersion
bifrosteq1.4.0-release
bifrosteq1.6.0-beta.02
bifrosteq1.1.0-beta.20
bifrosteq1.8.4-release
bifrosteq1.8.2-release
bifrosteq1.3.2-release
bifrosteq1.4.1-release
bifrosteq1.2.1-rc.01
bifrosteq1.2.4-release
bifrosteq1.1.0-beta.10

Name	Operator	Version
bifrost	eq	1.4.0-release
bifrost	eq	1.6.0-beta.02
bifrost	eq	1.1.0-beta.20
bifrost	eq	1.8.4-release
bifrost	eq	1.8.2-release
bifrost	eq	1.3.2-release
bifrost	eq	1.4.1-release
bifrost	eq	1.2.1-rc.01
bifrost	eq	1.2.4-release
bifrost	eq	1.1.0-beta.10