{"id":"CVE-2022-39267","summary":"Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups","details":"Bifrost is a heterogeneous middleware that synchronizes MySQL and MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. In versions prior to 1.8.8-release, authentication for the admin and monitor user groups can be bypassed by removing the X-Requested-With: XMLHttpRequest field from the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.","aliases":["GHSA-mxrx-fg8p-5p5j","GO-2022-1067"],"modified":"2026-04-09T08:59:01.398946Z","published":"2022-10-19T00:00:00Z","database_specific":{"cwe_ids":["CWE-287"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39267.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39267.json"},{"type":"ADVISORY","url":"https://github.com/brokercap/Bifrost/security/advisories/GHSA-mxrx-fg8p-5p5j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39267"},{"type":"FIX","url":"https://github.com/brockercap/Bifrost/pull/201"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brokercap/bifrost","events":[{"introduced":"0"},{"fixed":"f8664531846fdc56c185af49305d2eed81ba7198"}]}],"versions":["lasted","v1","v1.0-beta1","v1.0-beta3","v1.0-beta4","v1.0.0-release","v1.0.1-release","v1.0.2-release","v1.0.3-release","v1.0.4-release","v1.1.0","v1.1.0-beta.03","v1.1.0-beta.07-04","v1.1.0-beta.13","v1.2.2","v1.2.x-beta.01","v1.7.1-release","v1.7.2-release","v1.7.3-release","v1.7.4-release","v1.8.0-beta.01","v1.8.1-release","v1.8.2-release","v1.8.3-release","v1.8.4-release","v1.8.5-release","v1.8.6-release","v1.8.7-release"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39267.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}