Vulnerabilities (CVE)

Filtered by vendor Xbifrost Subscribe
Filtered by product Bifrost
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39267 1 Xbifrost 1 Bifrost 2024-11-21 N/A 8.8 HIGH
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
CVE-2022-39219 1 Xbifrost 1 Bifrost 2024-11-21 N/A 8.5 HIGH
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.