Количество 3
Количество 3
CVE-2022-39267
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
GHSA-mxrx-fg8p-5p5j
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
BDU:2022-06440
Уязвимость программного средства синхронизации без данных Bifrost, связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-39267 Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds. | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| GHSA-mxrx-fg8p-5p5j Bifrost vulnerable to authentication check flaw that leads to authentication bypass | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
 | BDU:2022-06440 Уязвимость программного средства синхронизации без данных Bifrost, связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу