CVE-2022-39219

Incorrect Permission Assignment for Critical Resource in go/github.com/brokercap/Bifrost

Identifiers

CVE-2022-39219, GHSA-p6fh-xc6r-g5hw

Package Slug

go/github.com/brokercap/Bifrost

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior is vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

Affected Versions

All versions before 1.8.7

Solution

Upgrade to version 1.8.7 or above.

Last Modified

2022-09-29

source