Headline
CVE-2022-39267: Authentication check flaw leads to authentication bypass
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
Package
gomod https://github.com/brokercap/Bifrost/tree/master/admin/controller (Go)
Affected versions
<=v1.8.6-release
Patched versions
v1.8.7-release
Description
Impact
The admin and monitor user groups need to be authenticated by username and password.
If the X-Requested-With: XMLHttpRequest field is deleted from the request header, the authentication will be bypassed.
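The following Go program is an added illustration of the flaw class the advisory describes; it is not Bifrost's own code, and the credential check, route and sample password are constructed for the example. It contrasts a middleware that only runs the username/password check when the request carries X-Requested-With: XMLHttpRequest (so a client that omits the header is never challenged) with one that checks credentials on every request and uses the header solely to decide how a failure is reported. The statusFor helper drives both with in-memory requests so the difference can be verified without a network.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// checkCredentials is a constructed stand-in for a real user store;
// the admin / example-password pair is sample data for this example only.
func checkCredentials(user, pass string) bool {
	return user == "admin" && pass == "example-password"
}

// isXHR reports whether the request carries the header browsers attach to AJAX calls.
func isXHR(r *http.Request) bool {
	return r.Header.Get("X-Requested-With") == "XMLHttpRequest"
}

// vulnerableAuth illustrates the flawed shape described in the advisory:
// the credential check is gated on the X-Requested-With header, so a request
// without it reaches the protected handler unauthenticated.
// (Illustrative pattern, not Bifrost's actual implementation.)
func vulnerableAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if isXHR(r) {
			user, pass, ok := r.BasicAuth()
			if !ok || !checkCredentials(user, pass) {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// hardenedAuth enforces the credential check unconditionally; the header only
// changes the failure response (a Basic challenge for non-XHR clients), never
// whether the check runs.
func hardenedAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		if !ok || !checkCredentials(user, pass) {
			if !isXHR(r) {
				w.Header().Set("WWW-Authenticate", `Basic realm="admin"`)
			}
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// protectedHandler stands in for an endpoint in the admin or monitor group.
var protectedHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "admin area")
})

// statusFor sends an in-memory GET to the handler, optionally with the XHR header
// and Basic credentials (an empty user means none), and returns the status code.
func statusFor(h http.Handler, xhr bool, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/admin/status", nil) // constructed route
	if xhr {
		req.Header.Set("X-Requested-With", "XMLHttpRequest")
	}
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := []struct {
		name string
		h    http.Handler
	}{
		{"vulnerable", vulnerableAuth(protectedHandler)},
		{"hardened", hardenedAuth(protectedHandler)},
	}
	for _, c := range cases {
		fmt.Printf("%-10s no header, no creds    -> %d\n", c.name, statusFor(c.h, false, "", ""))
		fmt.Printf("%-10s XHR header, no creds   -> %d\n", c.name, statusFor(c.h, true, "", ""))
		fmt.Printf("%-10s XHR header, valid creds -> %d\n", c.name, statusFor(c.h, true, "admin", "example-password"))
	}
}
```

The takeaway for review is that any request attribute the client controls (a header, a cookie flag, a query parameter) may select how an authentication failure is presented, but must never select whether authentication is performed; a unit test like statusFor over the header-absent case catches this regression before release.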
Patches
https://github.com/brockercap/Bifrost/pull/201
Workarounds
Upgrade to the latest version