github.com/brokercap/bifrost is vulnerable to authentication bypass. The vulnerability exists in multiple functions of ajax.js
because of removing the X-Requested-With: XMLHttpRequest
field from the request header which allows an attacker to bypass permission using HTTP basic authentication.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/brokercap/bifrost | le | v1.8.6-release | |
github.com/brokercap/bifrost | le | v1.8.6-release |