Security
Headlines

Headlines Latest CVEs

Headline

GHSA-p6fh-xc6r-g5hw: Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

2 years ago

#sql #git #auth

Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication

High severity GitHub Reviewed Published Sep 27, 2022 in brokercap/Bifrost

Related news

CVE-2022-39219: Use basic auth can bypass write permission limit · Issue #200 · brokercap/Bifrost

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

2 years ago

#sql #windows #linux #js #git #java #auth #firefox

ghsa: Latest News

GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

2 days ago

GHSA-jg74-mwgw-v6x3: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

3 days ago

GHSA-h4h5-9833-v2p4: Rancher agents can be hijacked by taking over the Rancher Server URL

3 days ago

GHSA-g54f-66mw-hv66: Agnai vulnerable to Relative Path Traversal in Image Upload

3 days ago

GHSA-h355-hm5h-cm8h: Agnai File Disclosure Vulnerability: JSON via Path Traversal

3 days ago