Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mxrx-fg8p-5p5j: Bifrost vulnerable to authentication check flaw that leads to authentication bypass

Impact

The admin and monitor user groups need to be authenticated by username and password. If we delete the X-Requested-With: XMLHttpRequest field in the request header,the authentication will be bypassed.

Patches

https://github.com/brockercap/Bifrost/pull/201

Workarounds

Upgrade to the latest version

ghsa
Open in Source
#git#auth

Bifrost vulnerable to authentication check flaw that leads to authentication bypass

High severity GitHub Reviewed Published Oct 18, 2022 in brokercap/Bifrost • Updated Oct 18, 2022

Related news

CVE-2022-39267: Authentication check flaw leads to authentication bypass

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.

ghsa: Latest News

GHSA-r7rh-jww5-5fjr: Pomerium service account access token may grant unintended access to databroker API
ghsa