CVE-2022-39219 HIGH

CVE-2022-39219: Bifrost users using basic authentication can bypass write permission limit

Vendor Brokercap
Product Bifrost
Weakness CWE-287 · Improper authentication
Published September 26, 2022
Last update April 22, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality None
Integrity High
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

What the vulnerability does

Description

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to issue write requests that they are normally forbidden from making. Version 1.8.7-release contains a patch. There are currently no known workarounds.

Key dates

Disclosure timeline

September 26, 2022 CVE published
April 22, 2025 Record updated